Published on 10 May 2023 | Updated on 10 May 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-30838 | PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, the `ValidateCore::isCleanHTML()` method of Prestashop misses hijackable events which can lead to cross-site scripting (XSS) injection, allowed by the presence of pre-setup `@keyframes` methods. This XSS, which hijacks HTML attributes, can be triggered without any interaction by the visitor/administrator, which makes it as dangerous as a trivial XSS attack. Contrary to other attacks which target HTML attributes and are triggered without user interaction (such as onload / onerror which suffer from a very limited scope), this one can hijack every HTML element, which increases the danger due to a complete HTML elements scope. Versions 8.0.4 and 1.7.8.9 contain a fix for this issue. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30838 |
CVE-2023-27407 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The web based management of affected device does not properly validate user input, making it susceptible to command injection. This could allow an authenticated remote attacker to access the underlying operating system as the root user. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-27407 |
CVE-2023-30898 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Event Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30898 |
CVE-2023-30899 | A vulnerability has been identified in Siveillance Video 2020 R2 (All versions < V20.2 HotfixRev14), Siveillance Video 2020 R3 (All versions < V20.3 HotfixRev12), Siveillance Video 2021 R1 (All versions < V21.1 HotfixRev12), Siveillance Video 2021 R2 (All versions < V21.2 HotfixRev8), Siveillance Video 2022 R1 (All versions < V22.1 HotfixRev7), Siveillance Video 2022 R2 (All versions < V22.2 HotfixRev5), Siveillance Video 2022 R3 (All versions < V22.3 HotfixRev2), Siveillance Video 2023 R1 (All versions < V23.1 HotfixRev1). The Management Server component of affected applications deserializes data without sufficient validations. This could allow an authenticated remote attacker to execute code on the affected system. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30899 |
CVE-2016-0959 | Use after free vulnerability in Adobe Flash Player Desktop Runtime before 20.0.0.267, Adobe Flash Player Extended Support Release before 18.0.0.324, Adobe Flash Player for Google Chrome before 20.0.0.267, Adobe Flash Player for Microsoft Edge and Internet Explorer 11 before 20.0.0.267, Adobe Flash Player for Internet Explorer 10 and 11 before 20.0.0.267, Adobe Flash Player for Linux before 11.2.202.559, AIR Desktop Runtime before 20.0.0.233, AIR SDK before 20.0.0.233, AIR SDK & Compiler before 20.0.0.233, AIR for Android before 20.0.0.233. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-0959 |
CVE-2020-8597 | eap.c in pppd in ppp 2.4.2 through 2.4.8 has an rhostname buffer overflow in the eap_request and eap_response functions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-8597 |
CVE-2020-7808 | In RAONWIZ K Upload v2018.0.2.51 and prior, automatic update processing without integrity check on update module(web.js) allows an attacker to modify arguments which causes downloading a random DLL and injection on it. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-7808 |
CVE-2021-29921 | In Python before 3,9,5, the ipaddress library mishandles leading zero characters in the octets of an IP address string. This (in some situations) allows attackers to bypass access control that is based on IP addresses. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29921 |
CVE-2021-37232 | A stack overflow vulnerability occurs in Atomicparsley 20210124.204813.840499f through APar_read64() in src/util.cpp due to the lack of buffer size of uint32_buffer while reading more bytes in APar_read64. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37232 |
CVE-2021-42847 | Zoho ManageEngine ADAudit Plus before 7006 allows attackers to write to, and execute, arbitrary files. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42847 |
CVE-2022-26496 | In nbd-server in nbd before 3.24, there is a stack-based buffer overflow. An attacker can cause a buffer overflow in the parsing of the name field by sending a crafted NBD_OPT_INFO or NBD_OPT_GO message with an large value as the length of the name. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26496 |
CVE-2022-28888 | Spryker Commerce OS 1.4.2 allows Remote Command Execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28888 |
CVE-2022-36190 | GPAC mp4box 2.1-DEV-revUNKNOWN-master has a use-after-free vulnerability in function gf_isom_dovi_config_get. This vulnerability was fixed in commit fef6242. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36190 |
CVE-2022-37454 | The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37454 |
CVE-2022-45062 | In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45062 |
CVE-2022-3520 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3520 |
CVE-2022-46882 | A use-after-free in WebGL extensions could have led to a potentially exploitable crash. This vulnerability affects Firefox < 107, Firefox ESR < 102.6, and Thunderbird < 102.6. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46882 |
CVE-2023-24033 | The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24033 |
CVE-2023-28613 | An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28613 |
CVE-2022-46709 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13, iOS 16. An app may be able to execute arbitrary code with kernel privileges | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46709 |
CVE-2023-26063 | Certain Lexmark devices through 2023-02-19 access a Resource By Using an Incompatible Type. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26063 |
CVE-2023-26064 | Certain Lexmark devices through 2023-02-19 have an Out-of-bounds Write. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26064 |
CVE-2023-26065 | Certain Lexmark devices through 2023-02-19 have an Integer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26065 |
CVE-2023-26066 | Certain Lexmark devices through 2023-02-19 have Improper Validation of an Array Index. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26066 |
CVE-2023-26068 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26068 |
CVE-2023-26069 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 3 of 4). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26069 |
CVE-2023-26070 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 4 of 4). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26070 |
CVE-2023-30770 | A stack-based buffer overflow vulnerability was found in the ASUSTOR Data Master (ADM) due to the lack of data size validation. An attacker can exploit this vulnerability to execute arbitrary code. Affected ADM versions include: 4.0.6.REG2, 4.1.0 and below as well as 4.2.0.RE71 and below. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30770 |
CVE-2023-23451 | The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW., SICK UE410-EN1 FLEXI ETHERNET GATEW., SICK UE410-EN3S04 FLEXI ETHERNET GATEW., SICK UE410-EN4 FLEXI ETHERNET GATEW., SICK FX0-GENT00000 FLEXISOFT EIP GATEW., SICK FX0-GMOD00000 FLEXISOFT MOD GATEW., SICK FX0-GPNT00000 FLEXISOFT PNET GATEW., SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 and SICK FX0-GMOD00010 FLEXISOFT MOD GW. have Telnet enabled by factory default. No password is set in the default configuration. Gateways with a serial number >2311xxxx have the Telnet interface disabled by factory default. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23451 |
CVE-2022-29604 | An issue was discovered in ONOS 2.5.1. An intent with an uppercase letter in a device ID shows the CORRUPT state, which is misleading to a network operator. Improper handling of case sensitivity causes inconsistency between intent and flow rules in the network. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29604 |
CVE-2022-29606 | An issue was discovered in ONOS 2.5.1. An intent with a large port number shows the CORRUPT state, which is misleading to a network operator. Improper handling of such port numbers causes inconsistency between intent and flow rules in the network. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29606 |
CVE-2023-2231 | A vulnerability, which was classified as critical, was found in MAXTECH MAX-G866ac 0.4.1_TBRO_20160314. This affects an unknown part of the component Remote Management. The manipulation leads to missing authentication. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2231 |
CVE-2023-2246 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file admin/ajax.php?action=save_settings. The manipulation of the argument img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227236. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2246 |
CVE-2023-25131 | Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25131 |
CVE-2023-24819 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24819 |
CVE-2023-24823 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a type confusion between IPv6 extension headers and a UDP header. This occurs while encoding a 6LoWPAN IPHC header. The type confusion manifests in an out of bounds write in the packet buffer. The overflow can be used to corrupt other packets and the allocator metadata. Corrupting a pointer will easily lead to denial of service. While carefully manipulating the allocator metadata gives an attacker the possibility to write data to arbitrary locations and thus execute arbitrary code. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24823 |
CVE-2023-26865 | SQL injection vulnerability found in PrestaShop bdroppy v.2.2.12 and before allowing a remote attacker to gain privileges via the BdroppyCronModuleFrontController::importProducts component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26865 |
CVE-2023-27848 | broccoli-compass v0.2.4 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27848 |
CVE-2023-27849 | rails-routes-to-json v1.0.0 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27849 |
CVE-2023-29566 | huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29566 |
CVE-2023-28771 | Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28771 |
CVE-2023-27105 | A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with Shanling MTouch OS v4.3 and Shanling M2X Portable Music Player with Shanling MTouch OS v3.3 allows attackers to arbitrarily read, delete, or modify any critical system files via directory traversal. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27105 |
CVE-2023-25313 | OS injection vulnerability in World Wide Broadcast Network AVideo version before 12.4, allows attackers to execute arbitrary code via the video link field to the Embed a video link feature. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25313 |
CVE-2012-5872 | ARC (aka ARC2) through 2011-12-01 allows blind SQL Injection in getTriplePatternSQL in ARC2_StoreSelectQueryHandler.php via comments in a SPARQL WHERE clause. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2012-5872 |
CVE-2023-27843 | SQL injection vulnerability found in PrestaShop askforaquote v.5.4.2 and before allow a remote attacker to gain privileges via the QuotesProduct::deleteProduct component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27843 |
CVE-2023-30404 | Aigital Wireless-N Repeater Mini_Router v0.131229 was discovered to contain a remote code execution (RCE) vulnerability via the sysCmd parameter in the formSysCmd function. This vulnerability is exploited via a crafted HTTP request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30404 |
CVE-2023-24796 | Password vulnerability found in Vinga WR-AC1200 81.102.1.4370 and before allows a remote attacker to execute arbitrary code via the password parameter at the /goform/sysTools and /adm/systools.asp endpoints. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24796 |
CVE-2022-39989 | An issue was discovered in Fighting Cock Information System 1.0, which uses default credentials, but does not force nor prompt the administrators to change the credentials. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39989 |
CVE-2023-30211 | OURPHP <= 7.2.0 is vulnerable to SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30211 |
CVE-2023-29268 | The Splus Server component of TIBCO Software Inc.'s TIBCO Spotfire Statistics Services contains a vulnerability that allows an unauthenticated remote attacker to upload or modify arbitrary files within the web server directory on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Statistics Services: versions 11.4.10 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, and 12.0.2, versions 12.1.0 and 12.2.0.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29268 |
CVE-2020-36070 | Insecure Permission vulnerability found in Yoyager v.1.4 and before allows a remote attacker to execute arbitrary code via a crafted .php file to the media component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36070 |
CVE-2023-30280 | Buffer Overflow vulnerability found in Netgear R6900 v.1.0.2.26, R6700v3 v.1.0.4.128, R6700 v.1.0.0.26 allows a remote attacker to execute arbitrary code and cause a denial ofservice via the getInputData parameter of the fwSchedule.cgi page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30280 |
CVE-2023-30363 | vConsole v3.15.0 was discovered to contain a prototype pollution due to incorrect key and value resolution in setOptions in core.ts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30363 |
CVE-2023-20852 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20852 |
CVE-2023-20853 | aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20853 |
CVE-2023-28697 | Moxa MiiNePort E1 has a vulnerability of insufficient access control. An unauthenticated remote user can exploit this vulnerability to perform arbitrary system operation or disrupt service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28697 |
CVE-2023-28769 | The buffer overflow vulnerability in the library “libclinkc.so” of the web server “zhttpd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to execute some OS commands or to cause denial-of-service (DoS) conditions on a vulnerable device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28769 |
CVE-2023-1778 | This vulnerability exists in GajShield Data Security Firewall firmware versions prior to v4.28 (except v4.21) due to insecure default credentials which allows remote attacker to login as superuser by using default username/password via web-based management interface and/or exposed SSH port thereby enabling remote attackers to execute arbitrary commands with administrative/superuser privileges on the targeted systems.\n\nThe vulnerability has been addressed by forcing the user to change their default password to a new non-default password.\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1778 |
CVE-2023-2344 | A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2344 |
CVE-2023-30349 | JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30349 |
CVE-2023-2345 | A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2345 |
CVE-2023-2346 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2346 |
CVE-2023-2347 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2347 |
CVE-2023-2348 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2348 |
CVE-2023-2158 | Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a hard-coded cipher which was used when generating the token. A malicious actor who creates this token can supply it to a separate Code Dx system, provided they know the username they want to impersonate, and impersonate the user. Score 6.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2158 |
CVE-2023-1967 | Keysight N8844A Data Analytics Web Service deserializes untrusted data without sufficiently verifying the resulting data will be valid. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1967 |
CVE-2023-2363 | A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. This issue affects some unknown processing of the file view_room.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227639. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2363 |
CVE-2023-30466 | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to a weak password reset mechanism at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to account takeover on the targeted device.\n\n\n\n\n\n\n\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30466 |
CVE-2023-30467 | This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS-Nxxxx-xxT, MS-Nxxxx-xxH and MS-Nxxxx-xxC), due to improper authorization at the Milesight NVR web-based management interface. A remote attacker could exploit this vulnerability by sending a specially crafted http requests on the targeted device.\n\nSuccessful exploitation of this vulnerability could allow remote attacker to perform unauthorized activities on the targeted device.\n\n\n\n\n\n\n\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30467 |
CVE-2023-2365 | A vulnerability has been found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax.php?action=delete_subject. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227641 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2365 |
CVE-2023-2366 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ajax.php?action=delete_class. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227642 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2366 |
CVE-2022-41397 | The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key ("LandlordPassKey") to encrypt and decrypt secrets stored in configuration files and in database tables. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41397 |
CVE-2022-41400 | Sage 300 through 2022 uses a hard-coded 40-byte blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow attackers to decrypt user passwords and SQL connection strings. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41400 |
CVE-2023-2367 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/manage_academic.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227643. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2367 |
CVE-2023-2368 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?page=manage_questionnaire. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227644. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2368 |
CVE-2023-2369 | A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/manage_restriction.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227645 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2369 |
CVE-2023-28473 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to possible Auth bypass in the jobs section. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28473 |
CVE-2023-2370 | A vulnerability classified as critical has been found in SourceCodester Online DJ Management System 1.0. Affected is an unknown function of the file admin/events/manage_event.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227646 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2370 |
CVE-2023-2371 | A vulnerability classified as critical was found in SourceCodester Online DJ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/inquiries/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227647. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2371 |
CVE-2023-0834 | Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1.\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0834 |
CVE-2023-1966 | Instruments with Illumina Universal Copy Service v1.x and\nv2.x contain an unnecessary privileges vulnerability. An unauthenticated\nmalicious actor could upload and execute code remotely at the operating system\nlevel, which could allow an attacker to change settings, configurations,\nsoftware, or access sensitive data on the affected product.\n\n\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1966 |
CVE-2023-26781 | SQL injection vulnerability in mccms 2.6 allows remote attackers to run arbitrary SQL commands via Author Center ->Reader Comments ->Search. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26781 |
CVE-2023-26813 | SQL injection vulnerability in com.xnx3.wangmarket.plugin.dataDictionary.controller.DataDictionaryPluginController.java in wangmarket CMS 4.10 allows remote attackers to run arbitrary SQL commands via the TableName parameter to /plugin/dataDictionary/tableView.do. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26813 |
CVE-2023-31470 | SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31470 |
CVE-2023-2420 | A vulnerability was found in MLECMS 3.0. It has been rated as critical. This issue affects the function get_url in the library /upload/inc/lib/admin of the file upload\\inc\\include\\common.func.php. The manipulation of the argument $_SERVER['REQUEST_URI'] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227717 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2420 |
CVE-2023-2429 | Improper Access Control in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2429 |
CVE-2015-10105 | A vulnerability, which was classified as critical, was found in IP Blacklist Cloud Plugin up to 3.42 on WordPress. This affects the function valid_js_identifier of the file ip_blacklist_cloud.php of the component CSV File Import. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely. Upgrading to version 3.43 is able to address this issue. The name of the patch is 6e6fe8c6fda7cbc252eef083105e08d759c07312. It is recommended to upgrade the affected component. The identifier VDB-227757 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10105 |
CVE-2023-30859 | Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30859 |
CVE-2022-45802 | Streampark allows any users to upload a jar as application, but there is no mandatory verification of the uploaded file type, causing users to upload some high-risk files, and may upload them to any directory, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later\n\n\n\n\n\n\n | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45802 |
CVE-2023-29635 | File upload vulnerability in Antabot White-Jotter v0.2.2, allows remote attackers to execute malicious code via the file parameter to function coversUpload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29635 |
CVE-2023-2451 | A vulnerability was found in SourceCodester Online DJ Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/bookings/view_details.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227795. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2451 |
CVE-2022-35898 | OpenText BizManager before 16.6.0.1 does not perform proper validation during the change-password operation. This allows any authenticated user to change the password of any other user, including the Administrator account. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35898 |
CVE-2023-1730 | The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1730 |
CVE-2023-30869 | Improper Authentication vulnerability in Easy Digital Downloads plugin allows unauth. Privilege Escalation. This issue affects Easy Digital Downloads: from 3.1 through 3.1.1.4.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30869 |
CVE-2023-2479 | OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2479 |
CVE-2023-29778 | GL.iNET MT3000 4.1.0 Release 2 is vulnerable to OS Command Injection via /usr/lib/oui-httpd/rpc/logread. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29778 |
CVE-2023-30204 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the judge_id parameter at /php-jms/edit_judge.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30204 |
CVE-2023-24941 | Windows Network File System Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24941 |
CVE-2023-24943 | Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24943 |
CVE-2022-4135 | Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-4135 |
CVE-2022-28805 | singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28805 |
CVE-2023-2227 | Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2227 |
CVE-2021-44547 | A sandboxing issue in Odoo Community 15.0 and Odoo Enterprise 15.0 allows authenticated administrators to executed arbitrary code, leading to privilege escalation. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44547 |
CVE-2022-46365 | Apache StreamPark 1.0.0 before 2.0.0 When the user successfully logs in, to modify his profile, the username will be passed to the server-layer as a parameter, but not verified whether the user name is the currently logged user and whether the user is legal, This will allow malicious attackers to send any username to modify and reset the account, Users of the affected versions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-46365 |
CVE-2023-30613 | Kiwi TCMS, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\n\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `--redacted--S, an open source test management system, allows users to upload attachments to test plans, test cases, etc. In versions of Kiwi TCMS prior to 12.2, there is no control over what kinds of files can be uploaded. Thus, a malicious actor may upload an `.exe` file or a file containing embedded JavaScript and trick others into clicking on these files, causing vulnerable browsers to execute malicious code on another computer.\n\nKiwi TCMS v12.2 comes with functionality that allows administrators to configure additional upload validator functions which give them more control over what file types are accepted for upload. By default `.exe` are denied. Other files containing the `<script>` tag, regardless of their type are also denied b/c they are a path to XSS attacks. There are no known workarounds aside from upgrading | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30613 |
CVE-2023-22637 | An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in License Management would permit an authenticated attacker to trigger remote code execution via crafted licenses. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22637 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2015-8652 | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8652 |
CVE-2015-8653 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8655, CVE-2015-8821, and CVE-2015-8822. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8653 |
CVE-2015-8654 | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8656, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8654 |
CVE-2015-8655 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8821, and CVE-2015-8822. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8655 |
CVE-2015-8656 | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8657, CVE-2015-8658, and CVE-2015-8820. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8656 |
CVE-2015-8657 | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8658, and CVE-2015-8820. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8657 |
CVE-2015-8658 | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (uninitialized pointer dereference and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8820. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8658 |
CVE-2015-8820 | Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allow attackers to execute arbitrary code or cause a denial of service (out-of-bounds read and memory corruption) via crafted MPEG-4 data, a different vulnerability than CVE-2015-8045, CVE-2015-8047, CVE-2015-8060, CVE-2015-8408, CVE-2015-8416, CVE-2015-8417, CVE-2015-8418, CVE-2015-8419, CVE-2015-8443, CVE-2015-8444, CVE-2015-8451, CVE-2015-8455, CVE-2015-8652, CVE-2015-8654, CVE-2015-8656, CVE-2015-8657, and CVE-2015-8658. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8820 |
CVE-2015-8821 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8822. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8821 |
CVE-2015-8822 | Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via crafted MPEG-4 data, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, CVE-2015-8454, CVE-2015-8653, CVE-2015-8655, and CVE-2015-8821. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8822 |
CVE-2019-7572 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in IMA_ADPCM_nibble in audio/SDL_wave.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7572 |
CVE-2019-7573 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (inside the wNumCoef loop). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7573 |
CVE-2019-7574 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in IMA_ADPCM_decode in audio/SDL_wave.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7574 |
CVE-2019-7575 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer overflow in MS_ADPCM_decode in audio/SDL_wave.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7575 |
CVE-2019-7576 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitMS_ADPCM in audio/SDL_wave.c (outside the wNumCoef loop). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7576 |
CVE-2019-7577 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a buffer over-read in SDL_LoadWAV_RW in audio/SDL_wave.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7577 |
CVE-2019-7638 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Map1toN in video/SDL_pixels.c. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-7638 |
CVE-2021-33657 | There is a heap overflow problem in video/SDL_pixels.c in SDL (Simple DirectMedia Layer) 2.x to 2.0.18 versions. By crafting a malicious .BMP file, an attacker can cause the application using this library to crash, denial of service or Code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33657 |
CVE-2022-3723 | Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3723 |
CVE-2022-3445 | Use after free in Skia in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3445 |
CVE-2022-3446 | Heap buffer overflow in WebSQL in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3446 |
CVE-2022-3448 | Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3448 |
CVE-2022-3449 | Use after free in Safe Browsing in Google Chrome prior to 106.0.5249.119 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3449 |
CVE-2022-3450 | Use after free in Peer Connection in Google Chrome prior to 106.0.5249.119 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3450 |
CVE-2022-4174 | Type confusion in V8 in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4174 |
CVE-2022-4175 | Use after free in Camera Capture in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4175 |
CVE-2022-4176 | Out of bounds write in Lacros Graphics in Google Chrome on Chrome OS and Lacros prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4176 |
CVE-2022-4177 | Use after free in Extensions in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install an extension to potentially exploit heap corruption via a crafted Chrome Extension and UI interaction. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4177 |
CVE-2022-4178 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4178 |
CVE-2022-4179 | Use after free in Audio in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4179 |
CVE-2022-4180 | Use after free in Mojo in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4180 |
CVE-2022-4181 | Use after free in Forms in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4181 |
CVE-2022-4190 | Insufficient data validation in Directory in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4190 |
CVE-2022-4191 | Use after free in Sign-In in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via profile destruction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4191 |
CVE-2022-4192 | Use after free in Live Caption in Google Chrome prior to 108.0.5359.71 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4192 |
CVE-2022-4193 | Insufficient policy enforcement in File System API in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4193 |
CVE-2022-4194 | Use after free in Accessibility in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4194 |
CVE-2022-4436 | Use after free in Blink Media in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4436 |
CVE-2022-4437 | Use after free in Mojo IPC in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4437 |
CVE-2022-4438 | Use after free in Blink Frames in Google Chrome prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4438 |
CVE-2022-4439 | Use after free in Aura in Google Chrome on Windows prior to 108.0.5359.124 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via specific UI interactions. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4439 |
CVE-2022-4440 | Use after free in Profiles in Google Chrome prior to 108.0.5359.124 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4440 |
CVE-2022-46871 | An out of date library (libusrsctp) contained vulnerabilities that could potentially be exploited. This vulnerability affects Firefox < 108. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46871 |
CVE-2022-46873 | Because Firefox did not implement the <code>unsafe-hashes</code> CSP directive, an attacker who was able to inject markup into a page otherwise protected by a Content Security Policy may have been able to inject executable script. This would be severely constrained by the specified Content Security Policy of the document. This vulnerability affects Firefox < 108. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46873 |
CVE-2022-46874 | A file with a long filename could have had its filename truncated to remove the valid extension, leaving a malicious extension in its place. This could potentially led to user confusion and the execution of malicious code.<br/>*Note*: This issue was originally included in the advisories for Thunderbird 102.6, but a patch (specific to Thunderbird) was omitted, resulting in it actually being fixed in Thunderbird 102.6.1. This vulnerability affects Firefox < 108, Thunderbird < 102.6.1, Thunderbird < 102.6, and Firefox ESR < 102.6. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46874 |
CVE-2022-46878 | Mozilla developers Randell Jesup, Valentin Gosu, Olli Pettay, and the Mozilla Fuzzing Team reported memory safety bugs present in Thunderbird 102.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46878 |
CVE-2022-46879 | Mozilla developers and community members Lukas Bernhard, Gabriele Svelto, Randell Jesup, and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 107. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 108. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46879 |
CVE-2022-46881 | An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46881 |
CVE-2022-2196 | A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines or IBPB after running L2 due to KVM (L0) advertising eIBRS support to L1. An attacker at L2 with code execution can execute code on an indirect branch on the host machine. We recommend upgrading to Kernel 6.2 or past commit 2e7eab81425a\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2196 |
CVE-2023-0128 | Use after free in Overview Mode in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0128 |
CVE-2023-0129 | Heap buffer overflow in Network Service in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page and specific interactions. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0129 |
CVE-2023-0134 | Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0134 |
CVE-2023-0135 | Use after free in Cart in Google Chrome prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via database corruption and a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0135 |
CVE-2023-0136 | Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to execute incorrect security UI via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0136 |
CVE-2023-0137 | Heap buffer overflow in Platform Apps in Google Chrome on Chrome OS prior to 109.0.5414.74 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0137 |
CVE-2023-0138 | Heap buffer overflow in libphonenumber in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0138 |
CVE-2023-0698 | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0698 |
CVE-2022-47648 | An Improper Access Control vulnerability allows an attacker to access the control panel of the B420 without requiring any sort of authorization or authentication due to the IP based authorization. If an authorized user has accessed a publicly available B420 product using valid credentials, an insider attacker can gain access to the same panel without requiring any sort of authorization. The B420 module was already obsolete at the time this vulnerability was found (The End of Life announcement was made in 2013). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47648 |
CVE-2022-3294 | Users may have access to secure endpoints in the control plane network. Kubernetes clusters are only affected if an untrusted user can modify Node objects and send proxy requests to them. Kubernetes supports node proxying, which allows clients of kube-apiserver to access endpoints of a Kubelet to establish connections to Pods, retrieve container logs, and more. While Kubernetes already validates the proxying address for Nodes, a bug in kube-apiserver made it possible to bypass this validation. Bypassing this validation could allow authenticated requests destined for Nodes to to the API server's private network. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3294 |
CVE-2023-25358 | A use-after-free vulnerability in WebCore::RenderLayer::addChild in WebKitGTK before 2.36.8 allows attackers to execute code remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25358 |
CVE-2023-28205 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28205 |
CVE-2023-22614 | An issue was discovered in ChipsetSvcSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. There is insufficient input validation in BIOS Guard updates. An attacker can induce memory corruption in SMM by supplying malformed inputs to the BIOS Guard SMI handler. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22614 |
CVE-2023-24885 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24885 |
CVE-2023-28231 | DHCP Server Service Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28231 |
CVE-2023-28983 | An OS Command Injection vulnerability in gRPC Network Operations Interface (gNOI) server module of Juniper Networks Junos OS Evolved allows an authenticated, low privileged, network based attacker to inject shell commands and execute code. This issue affects Juniper Networks Junos OS Evolved 21.4 version 21.4R1-EVO and later versions prior to 22.1R1-EVO. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28983 |
CVE-2022-46302 | Broad access controls could allow site users to directly interact with the system Apache installation when providing the reverse proxy configurations for Tribe29's Checkmk <= 2.1.0p6, Checkmk <= 2.0.0p27, and all versions of Checkmk 1.6.0 (EOL) allowing an attacker to perform remote code execution with root privileges on the underlying host. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46302 |
CVE-2023-27352 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19845. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27352 |
CVE-2023-27355 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the MPEG-TS parser. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19773. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27355 |
CVE-2023-2141 | An unsafe .NET object deserialization in DELMIA Apriso Release 2017 through Release 2022 could lead to post-authentication remote code execution.\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2141 |
CVE-2023-29578 | mp4v2 v2.0.0 was discovered to contain a heap buffer overflow via the mp4v2::impl::MP4StringProperty::~MP4StringProperty() function at src/mp4property.cpp. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29578 |
CVE-2023-30622 | Clusternet is a general-purpose system for controlling Kubernetes clusters across different environments. An issue in clusternet prior to version 0.15.2 can be leveraged to lead to a cluster-level privilege escalation. The clusternet has a deployment called `cluster-hub` inside the `clusternet-system` Kubernetes namespace, which runs on worker nodes randomly. The deployment has a service account called `clusternet-hub`, which has a cluster role called `clusternet:hub` via cluster role binding. The `clusternet:hub` cluster role has `"*" verbs of "*.*"` resources. Thus, if a malicious user can access the worker node which runs the clusternet, they can leverage the service account to do malicious actions to critical system resources. For example, the malicious user can leverage the service account to get ALL secrets in the entire cluster, resulting in cluster-level privilege escalation. Version 0.15.2 contains a fix for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30622 |
CVE-2023-26060 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Working Set Manager page, users can create a Working Set with a name that has a client-side template injection payload. Input validation is missing during creation of the working set. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26060 |
CVE-2023-27991 | The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27991 |
CVE-2023-0388 | The Random Text WordPress plugin through 0.3.0 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by any authenticated users, such as subscribers. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0388 |
CVE-2023-2250 | A flaw was found in the Open Cluster Management (OCM) when a user have access to the worker nodes which has the cluster-manager-registration-controller or cluster-manager deployments. A malicious user can take advantage of this and bind the cluster-admin to any service account or using the service account to list all secrets for all kubernetes namespaces, leading into a cluster-level privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2250 |
CVE-2023-2258 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2258 |
CVE-2023-2260 | Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2260 |
CVE-2023-30623 | `embano1/wip` is a GitHub Action written in Bash. Prior to version 2, the `embano1/wip` action uses the `github.event.pull_request.title` parameter in an insecure way. The title parameter is used in a run statement - resulting in a command injection vulnerability due to string interpolation. This vulnerability can be triggered by any user on GitHub. They just need to create a pull request with a commit message containing an exploit. (Note that first-time PR requests will not be run - but the attacker can submit a valid PR before submitting an invalid PR). The commit can be genuine, but the commit message can be malicious. This can be used to execute code on the GitHub runners and can be used to exfiltrate any secrets used in the CI pipeline, including repository tokens. Version 2 has a fix for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30623 |
CVE-2023-30628 | Kiwi TCMS is an open source test management system. In kiwitcms/Kiwi v12.2 and prior and kiwitcms/enterprise v12.2 and prior,\nthe `changelog.yml` workflow is vulnerable to command injection attacks because of using an untrusted `github.head_ref` field. The `github.head_ref` value is an attacker-controlled value. Assigning the value to `zzz";echo${IFS}"hello";#` can lead to command injection. Since the permission is not restricted, the attacker has a write-access to the repository. Commit 834c86dfd1b2492ccad7ebbfd6304bfec895fed2 of the kiwitcms/Kiwi repository and commit e39f7e156fdaf6fec09a15ea6f4e8fec8cdbf751 of the kiwitcms/enterprise repository contain a fix for this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30628 |
CVE-2022-40724 | The PingFederate Local Identity Profiles '/pf/idprofile.ping' endpoint is vulnerable to Cross-Site Request Forgery (CSRF) through crafted GET requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40724 |
CVE-2023-30839 | PrestaShop is an Open Source e-commerce web application. Versions prior to 8.0.4 and 1.7.8.9 contain a SQL filtering vulnerability. A BO user can write, update, and delete in the database, even without having specific rights. PrestaShop 8.0.4 and 1.7.8.9 contain a patch for this issue. There are no known workarounds. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30839 |
CVE-2023-20872 | VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20872 |
CVE-2023-30266 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30266 |
CVE-2023-27107 | Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 allows users who do not have appropriate access rights to generate internal reports using a direct URL. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27107 |
CVE-2023-24836 | SUNNET CTMS has vulnerability of path traversal within its file uploading function. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary directories to perform arbitrary system operation or disrupt service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24836 |
CVE-2023-2338 | SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.21. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2338 |
CVE-2023-30848 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the admin search find API has a SQL injection vulnerability. Users should upgrade to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30848 |
CVE-2023-30849 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, A SQL injection vulnerability exists in the translation export API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30849 |
CVE-2023-30850 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL Injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, or apply the patch manually. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30850 |
CVE-2023-25437 | An issue was discovered in vTech VCS754 version 1.1.1.A before 1.1.1.H, allows attackers to gain escalated privileges and gain sensitive information due to cleartext passwords passed in the raw HTML. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25437 |
CVE-2023-28384 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28384 |
CVE-2023-28400 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28400 |
CVE-2023-28716 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28716 |
CVE-2023-29150 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29150 |
CVE-2023-29169 | mySCADA myPRO versions 8.26.0 and prior has parameters which an authenticated user could exploit to inject arbitrary operating system commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29169 |
CVE-2023-2373 | A vulnerability, which was classified as critical, was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Management Interface. The manipulation of the argument ecn-up leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227649 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2373 |
CVE-2023-1477 | Improper Authentication vulnerability in HYPR Keycloak Authenticator Extension allows Authentication Abuse.This issue affects HYPR Keycloak Authenticator Extension: before 7.10.2, before 8.0.3.\n\n | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1477 |
CVE-2023-29815 | mccms v2.6.3 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29815 |
CVE-2023-2374 | A vulnerability has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument ecn-down leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227650 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2374 |
CVE-2023-2375 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6 and classified as critical. This issue affects some unknown processing of the component Web Management Interface. The manipulation of the argument src leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227651. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2375 |
CVE-2023-2376 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been classified as critical. Affected is an unknown function of the component Web Management Interface. The manipulation of the argument dpi leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227652. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2376 |
CVE-2023-2377 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Management Interface. The manipulation of the argument name leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227653 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2377 |
CVE-2023-2378 | A vulnerability was found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. It has been rated as critical. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument suffix-rate-up leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227654 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2378 |
CVE-2023-30854 | AVideo is an open source video platform. Prior to version 12.4, an OS Command Injection vulnerability in an authenticated endpoint `/plugin/CloneSite/cloneClient.json.php` allows attackers to achieve Remote Code Execution. This issue is fixed in version 12.4. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30854 |
CVE-2023-24269 | An arbitrary file upload vulnerability in the plugin upload function of Textpattern v4.8.8 allows attackers to execute arbitrary code via a crafted Zip file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24269 |
CVE-2023-2424 | A vulnerability was found in DedeCMS 5.7.106 and classified as critical. Affected by this issue is the function UpDateMemberModCache of the file uploads/dede/config.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227750 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2424 |
CVE-2023-0896 | A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0896 |
CVE-2023-22919 | The post-authentication command injection vulnerability in the Zyxel NBG6604 firmware version V1.01(ABIR.0)C0 could allow an authenticated attacker to execute some OS commands remotely by sending a crafted HTTP request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22919 |
CVE-2023-1196 | The Advanced Custom Fields (ACF) Free and Pro WordPress plugins 6.x before 6.1.0 and 5.x before 5.12.5 unserialize user controllable data, which could allow users with a role of Contributor and above to perform PHP Object Injection when a suitable gadget is present. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1196 |
CVE-2023-31433 | A SQL injection issue in Logbuch in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allows authenticated attackers to execute SQL statements via the welche parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31433 |
CVE-2023-2461 | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2461 |
CVE-2023-22691 | Cross-Site Request Forgery (CSRF) vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin <= v2.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22691 |
CVE-2023-23790 | Cross-Site Request Forgery (CSRF) vulnerability in Pods Framework Team Pods – Custom Content Types and Fields plugin <= 2.9.10.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23790 |
CVE-2022-3405 | Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3405 |
CVE-2023-25967 | Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Community by PeepSo plugin <= 6.0.2.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25967 |
CVE-2023-2182 | An issue has been discovered in GitLab EE affecting all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions when OpenID Connect is enabled on an instance, it may allow users who are marked as 'external' to become 'regular' users thus leading to privilege escalation for those users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2182 |
CVE-2023-24947 | Windows Bluetooth Driver Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24947 |
CVE-2021-23166 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-23166 |
CVE-2021-23186 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to access and modify database contents of other tenants, in a multi-tenant system. | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-23186 |
CVE-2022-46872 | An attacker who compromised a content process could have partially escaped the sandbox to read arbitrary files via clipboard-related IPC messages.<br>*This bug only affects Thunderbird for Linux. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-46872 |
CVE-2023-28206 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6, macOS Ventura 13.3.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-28206 |
CVE-2022-41739 | \nIBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815.\n\n | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-41739 |
CVE-2022-44708 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-44708 |
CVE-2023-21775 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21775 |
CVE-2023-21795 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21795 |
CVE-2023-21796 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21796 |
CVE-2018-16557 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Sending of specially crafted packets to port 102/tcp via Ethernet interface\r\nvia PROFIBUS or Multi Point Interfaces (MPI) could cause a denial of service\r\ncondition on affected devices. Flashing with a firmware image may be required\r\nto recover the CPU.\r\n\r\nSuccessful exploitation requires an attacker to have network access to port\r\n102/tcp via Ethernet interface or to be able to send messages via PROFIBUS or\r\nMulti Point Interfaces (MPI) to the device. No user interaction is required.\r\nIf no access protection is configured, no privileges are required to exploit\r\nthe security vulnerability. The vulnerability could allow causing a\r\ndenial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2018-16557 |
CVE-2023-24892 | Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-24892 |
CVE-2023-20869 | VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20869 |
CVE-2023-30847 | H2O is an HTTP server. In versions 2.3.0-beta2 and prior, when the reverse proxy handler tries to processes a certain type of invalid HTTP request, it tries to build an upstream URL by reading from uninitialized pointer. This behavior can lead to crashes or leak of information to back end HTTP servers. Pull request number 3229 fixes the issue. The pull request has been merged to the `master` branch in commit f010336. Users should upgrade to commit f010336 or later. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-30847 |
CVE-2019-7578 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in InitIMA_ADPCM in audio/SDL_wave.c. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-7578 |
CVE-2019-7635 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in Blit1to4 in video/SDL_blit_1.c. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-7635 |
CVE-2019-7636 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in SDL_GetRGB in video/SDL_pixels.c. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-7636 |
CVE-2019-13616 | SDL (Simple DirectMedia Layer) through 1.2.15 and 2.x through 2.0.9 has a heap-based buffer over-read in BlitNtoN in video/SDL_blit_N.c when called from SDL_SoftBlit in video/SDL_blit.c. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-13616 |
CVE-2023-24999 | HashiCorp Vault and Vault Enterprise’s approle auth method allowed any authenticated user with access to an approle destroy endpoint to destroy the secret ID of any other role by providing the secret ID accessor. This vulnerability is fixed in Vault 1.13.0, 1.12.4, 1.11.8, 1.10.11 and above. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24999 |
CVE-2023-26067 | Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26067 |
CVE-2023-29019 | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. Applications using `@fastify/passport` in affected versions for user authentication, in combination with `@fastify/session` as the underlying session management mechanism, are vulnerable to session fixation attacks from network and same-site attackers. fastify applications rely on the `@fastify/passport` library for user authentication. The login and user validation are performed by the `authenticate` function. When executing this function, the `sessionId` is preserved between the pre-login and the authenticated session. Network and same-site attackers can hijack the victim's session by tossing a valid `sessionId` cookie in the victim's browser and waiting for the victim to log in on the website. As a solution, newer versions of `@fastify/passport` regenerate `sessionId` upon login, preventing the attacker-controlled pre-session cookie from being upgraded to an authenticated session. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29019 |
CVE-2023-22913 | A post-authentication command injection vulnerability in the “account_operator.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker to modify device configuration data, resulting in denial-of-service (DoS) conditions on an affected device. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22913 |
CVE-2023-22916 | The configuration parser of Zyxel ATP series firmware versions 5.10 through 5.35, USG FLEX series firmware versions 5.00 through 5.35, USG FLEX 50(W) firmware versions 5.10 through 5.35, USG20(W)-VPN firmware versions 5.10 through 5.35, and VPN series firmware versions 5.00 through 5.35, which fails to properly sanitize user input. A remote unauthenticated attacker could leverage the vulnerability to modify device configuration data, resulting in DoS conditions on an affected device if the attacker could trick an authorized administrator to switch the management mode to the cloud mode. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22916 |
CVE-2023-30626 | Jellyfin is a free-software media system. Versions starting with 10.8.0 and prior to 10.8.10 and prior have a directory traversal vulnerability inside the `ClientLogController`, specifically `/ClientLog/Document`. When combined with a cross-site scripting vulnerability (CVE-2023-30627), this can result in file write and arbitrary code execution. Version 10.8.10 has a patch for this issue. There are no known workarounds. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30626 |
CVE-2021-45111 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to trigger the creation of demonstration data, including user accounts with known credentials. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45111 |
CVE-2023-30269 | CLTPHP <=6.0 is vulnerable to Improper Input Validation via application/admin/controller/Template.php. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30269 |
CVE-2023-26567 | Sangoma FreePBX 1805 through 2302 (when obtained as a ,.ISO file) places AMPDBUSER, AMPDBPASS, AMPMGRUSER, and AMPMGRPASS in the list of global variables. This exposes cleartext authentication credentials for the Asterisk Database (MariaDB/MySQL) and Asterisk Manager Interface. For example, an attacker can make a /ari/asterisk/variable?variable=AMPDBPASS API call. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26567 |
CVE-2023-28008 | HCL Workload Automation 9.4, 9.5, and 10.1 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28008 |
CVE-2023-28009 | HCL Workload Automation is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources.\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28009 |
CVE-2023-2297 | The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 3.9.0. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (wppb_front_end_password_recovery). The function uses the plaintext value of a password reset key instead of a hashed value which means it can easily be retrieved and subsequently used. An attacker can leverage CVE-2023-0814, or another vulnerability like SQL Injection in another plugin or theme installed on the site to successfully exploit this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2297 |
CVE-2023-21712 | Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21712 |
CVE-2023-28261 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28261 |
CVE-2023-31484 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31484 |
CVE-2023-31486 | HTTP::Tiny 0.082, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31486 |
CVE-2023-28656 | \nNGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n\n\n | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28656 |
CVE-2023-0805 | An issue has been discovered in GitLab EE affecting all versions starting from 15.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. A malicious group member may continue to have access to the public projects of a public group even after being banned from the public group by the owner. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0805 |
CVE-2023-24903 | Windows Secure Socket Tunneling Protocol (SSTP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24903 |
CVE-2023-28283 | Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28283 |
CVE-2023-29325 | Windows OLE Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29325 |
CVE-2023-0756 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The main branch of a repository with a specially crafted name allows an attacker to create repositories with malicious code, victims who clone or download these repositories will execute arbitrary code on their systems. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0756 |
CVE-2020-35492 | A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's image-compositor (for example, by convincing a user to open a file in an application using cairo, or if an application uses cairo on untrusted input) to cause a stack buffer overflow -> out-of-bounds WRITE. The highest impact from this vulnerability is to confidentiality, integrity, as well as system availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35492 |
CVE-2021-27452 | The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-27452 |
CVE-2021-32271 | An issue was discovered in gpac through 20200801. A stack-buffer-overflow exists in the function DumpRawUIConfig located in odf_dump.c. It allows an attacker to cause code Execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32271 |
CVE-2022-1154 | Use after free in utf_ptr2char in GitHub repository vim/vim prior to 8.2.4646. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1154 |
CVE-2022-1160 | heap buffer overflow in get_one_sourceline in GitHub repository vim/vim prior to 8.2.4647. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1160 |
CVE-2022-1381 | global heap buffer overflow in skip_range in GitHub repository vim/vim prior to 8.2.4763. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1381 |
CVE-2022-1616 | Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1616 |
CVE-2022-1619 | Heap-based Buffer Overflow in function cmdline_erase_chars in GitHub repository vim/vim prior to 8.2.4899. This vulnerabilities are capable of crashing software, modify memory, and possible remote execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1619 |
CVE-2022-1621 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4919. This vulnerability is capable of crashing software, Bypass Protection Mechanism, Modify Memory, and possible remote execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1621 |
CVE-2022-1629 | Buffer Over-read in function find_next_quote in GitHub repository vim/vim prior to 8.2.4925. This vulnerabilities are capable of crashing software, Modify Memory, and possible remote execution | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1629 |
CVE-2022-1733 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2.4968. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1733 |
CVE-2022-1769 | Buffer Over-read in GitHub repository vim/vim prior to 8.2.4974. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1769 |
CVE-2022-1735 | Classic Buffer Overflow in GitHub repository vim/vim prior to 8.2.4969. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1735 |
CVE-2022-1785 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2.4977. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1785 |
CVE-2022-1796 | Use After Free in GitHub repository vim/vim prior to 8.2.4979. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1796 |
CVE-2022-1851 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1851 |
CVE-2022-1886 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1886 |
CVE-2022-1898 | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1898 |
CVE-2022-1897 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1897 |
CVE-2022-1927 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1927 |
CVE-2022-1942 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1942 |
CVE-2022-1968 | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1968 |
CVE-2022-2000 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2000 |
CVE-2022-31214 | A Privilege Context Switching issue was discovered in join.c in Firejail 0.9.68. By crafting a bogus Firejail container that is accepted by the Firejail setuid-root program as a join target, a local attacker can enter an environment in which the Linux user namespace is still the initial user namespace, the NO_NEW_PRIVS prctl is not activated, and the entered mount namespace is under the attacker's control. In this way, the filesystem layout can be adjusted to gain root privileges through execution of available setuid-root binaries such as su or sudo. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31214 |
CVE-2022-2042 | Use After Free in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2042 |
CVE-2022-2124 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2124 |
CVE-2022-2125 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2125 |
CVE-2022-2126 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2126 |
CVE-2022-2129 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2129 |
CVE-2022-1720 | Buffer Over-read in function grab_file_name in GitHub repository vim/vim prior to 8.2.4956. This vulnerability is capable of crashing the software, memory modification, and possible remote execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1720 |
CVE-2022-2175 | Buffer Over-read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2175 |
CVE-2022-2182 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2182 |
CVE-2022-2183 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2183 |
CVE-2022-2206 | Out-of-bounds Read in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2206 |
CVE-2022-2207 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2207 |
CVE-2022-2210 | Out-of-bounds Write in GitHub repository vim/vim prior to 8.2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2210 |
CVE-2022-2257 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2257 |
CVE-2022-2264 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2264 |
CVE-2022-2284 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2284 |
CVE-2022-2285 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2285 |
CVE-2022-2286 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2286 |
CVE-2022-2288 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2288 |
CVE-2022-2289 | Use After Free in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2289 |
CVE-2022-2304 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2304 |
CVE-2022-2343 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0044. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2343 |
CVE-2022-2344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0045. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2344 |
CVE-2022-2345 | Use After Free in GitHub repository vim/vim prior to 9.0.0046. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2345 |
CVE-2022-2522 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0061. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2522 |
CVE-2022-2819 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0211. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2819 |
CVE-2022-2816 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.0212. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2816 |
CVE-2022-2817 | Use After Free in GitHub repository vim/vim prior to 9.0.0213. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2817 |
CVE-2022-2845 | Buffer Over-read in GitHub repository vim/vim prior to 9.0.0218. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2845 |
CVE-2022-2849 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0220. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2849 |
CVE-2022-2862 | Use After Free in GitHub repository vim/vim prior to 9.0.0221. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2862 |
CVE-2022-21229 | Improper buffer restrictions for some Intel(R) NUC 9 Extreme Laptop Kit drivers before version 2.2.0.22 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-21229 |
CVE-2022-2889 | Use After Free in GitHub repository vim/vim prior to 9.0.0225. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2889 |
CVE-2022-2946 | Use After Free in GitHub repository vim/vim prior to 9.0.0246. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2946 |
CVE-2022-2982 | Use After Free in GitHub repository vim/vim prior to 9.0.0260. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2982 |
CVE-2022-3016 | Use After Free in GitHub repository vim/vim prior to 9.0.0286. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3016 |
CVE-2022-3099 | Use After Free in GitHub repository vim/vim prior to 9.0.0360. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3099 |
CVE-2022-3134 | Use After Free in GitHub repository vim/vim prior to 9.0.0389. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3134 |
CVE-2022-38530 | GPAC v2.1-DEV-rev232-gfcaa01ebb-master was discovered to contain a stack overflow when processing ISOM_IOD. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38530 |
CVE-2022-3234 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0483. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3234 |
CVE-2022-3235 | Use After Free in GitHub repository vim/vim prior to 9.0.0490. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3235 |
CVE-2022-3256 | Use After Free in GitHub repository vim/vim prior to 9.0.0530. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3256 |
CVE-2022-3296 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0577. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3296 |
CVE-2022-3297 | Use After Free in GitHub repository vim/vim prior to 9.0.0579. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3297 |
CVE-2022-3324 | Stack-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0598. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3324 |
CVE-2022-3352 | Use After Free in GitHub repository vim/vim prior to 9.0.0614. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3352 |
CVE-2022-3545 | A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3545 |
CVE-2022-43040 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function gf_isom_box_dump_start_ex at /isomedia/box_funcs.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43040 |
CVE-2022-43042 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a heap buffer overflow via the function FixSDTPInTRAF at isomedia/isom_intern.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43042 |
CVE-2022-42919 | Python 3.9.x before 3.9.16 and 3.10.x before 3.10.9 on Linux allows local privilege escalation in a non-default configuration. The Python multiprocessing library, when used with the forkserver start method on Linux, allows pickles to be deserialized from any user in the same machine local network namespace, which in many system configurations means any user on the same machine. Pickles can execute arbitrary code. Thus, this allows for local user privilege escalation to the user that any forkserver process is running as. Setting multiprocessing.util.abstract_sockets_supported to False is a workaround. The forkserver start method for multiprocessing is not the default start method. This issue is Linux specific because only Linux supports abstract namespace sockets. CPython before 3.9 does not make use of Linux abstract namespace sockets by default. Support for users manually specifying an abstract namespace socket was added as a bugfix in 3.7.8 and 3.8.3, but users would need to make specific uncommon API calls in order to do that in CPython before 3.9. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42919 |
CVE-2022-41104 | Microsoft Excel Security Feature Bypass Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41104 |
CVE-2022-41120 | Microsoft Windows System Monitor (Sysmon) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41120 |
CVE-2022-4141 | Heap based buffer overflow in vim/vim 9.0.0946 and below by allowing an attacker to CTRL-W gf in the expression used in the RHS of the substitute command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4141 |
CVE-2022-45934 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45934 |
CVE-2022-45202 | GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a stack overflow via the function dimC_box_read at isomedia/box_code_3gpp.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45202 |
CVE-2022-45343 | GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45343 |
CVE-2022-3591 | Use After Free in GitHub repository vim/vim prior to 9.0.0789. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3591 |
CVE-2022-3491 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0742. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3491 |
CVE-2022-4292 | Use After Free in GitHub repository vim/vim prior to 9.0.0882. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4292 |
CVE-2023-0049 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0.1143. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0049 |
CVE-2023-0051 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1144. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0051 |
CVE-2023-0054 | Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1145. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0054 |
CVE-2022-47087 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b has a Buffer overflow in gf_vvc_read_pps_bs_internal function of media_tools/av_parsers.c | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47087 |
CVE-2022-47088 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47088 |
CVE-2022-47089 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow via gf_vvc_read_sps_bs_internal function of media_tools/av_parsers.c | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47089 |
CVE-2022-47091 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer Overflow in gf_text_process_sub function of filters/load_text.c | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47091 |
CVE-2022-47093 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to heap use-after-free via filters/dmx_m2ts.c:470 in m2tsdmx_declare_pid | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47093 |
CVE-2022-47094 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Null pointer dereference via filters/dmx_m2ts.c:343 in m2tsdmx_declare_pid | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47094 |
CVE-2022-47095 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is vulnerable to Buffer overflow in hevc_parse_vps_extension function of media_tools/av_parsers.c | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47095 |
CVE-2022-47653 | GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in eac3_update_channels function of media_tools/av_parsers.c:9113 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47653 |
CVE-2022-47654 | GPAC MP4box 2.1-DEV-rev593-g007bf61a0 is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8261 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47654 |
CVE-2022-47656 | GPAC MP4box 2.1-DEV-rev617-g85ce76efd is vulnerable to Buffer Overflow in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8273 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47656 |
CVE-2022-47657 | GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function hevc_parse_vps_extension of media_tools/av_parsers.c:7662 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47657 |
CVE-2022-47658 | GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to buffer overflow in function gf_hevc_read_vps_bs_internal of media_tools/av_parsers.c:8039 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47658 |
CVE-2022-47659 | GPAC MP4box 2.1-DEV-rev644-g5c4df2a67 is vulnerable to Buffer Overflow in gf_bs_read_data | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47659 |
CVE-2022-47660 | GPAC MP4Box 2.1-DEV-rev644-g5c4df2a67 is has an integer overflow in isomedia/isom_write.c | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47660 |
CVE-2022-47661 | GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 is vulnerable to Buffer Overflow via media_tools/av_parsers.c:4988 in gf_media_nalu_add_emulation_bytes | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47661 |
CVE-2022-47663 | GPAC MP4box 2.1-DEV-rev649-ga8f438d20 is vulnerable to buffer overflow in h263dmx_process filters/reframe_h263.c:609 | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47663 |
CVE-2023-21738 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21738 |
CVE-2023-23559 | In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23559 |
CVE-2023-22809 | In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22809 |
CVE-2022-47024 | A null pointer dereference issue was discovered in function gui_x11_create_blank_mouse in gui_x11.c in vim 8.1.2269 thru 9.0.0339 allows attackers to cause denial of service or other unspecified impacts. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47024 |
CVE-2020-36657 | uptimed before 0.4.6-r1 on Gentoo allows local users (with access to the uptimed user account) to gain root privileges by creating a hard link within the /var/spool/uptimed directory, because there is an unsafe chown -R call. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36657 |
CVE-2023-0266 | A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0266 |
CVE-2023-0760 | Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0760 |
CVE-2023-0461 | There is a use-after-free vulnerability in the Linux Kernel which can be exploited to achieve local privilege escalation. To reach the vulnerability kernel configuration flag CONFIG_TLS or CONFIG_XFRM_ESPINTCP has to be configured, but the operation does not require any privilege.\n\nThere is a use-after-free bug of icsk_ulp_data of a struct inet_connection_sock.\n\nWhen CONFIG_TLS is enabled, user can install a tls context (struct tls_context) on a connected tcp socket. The context is not cleared if this socket is disconnected and reused as a listener. If a new socket is created from the listener, the context is inherited and vulnerable.\n\nThe setsockopt TCP_ULP operation does not require any privilege.\n\nWe recommend upgrading past commit 2c02d41d71f90a5168391b6a5f2954112ba2307c | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0461 |
CVE-2023-1118 | A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1118 |
CVE-2023-26604 | systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26604 |
CVE-2022-3424 | A use-after-free flaw was found in the Linux kernel’s SGI GRU driver in the way the first gru_file_unlocked_ioctl function is called by the user, where a fail pass occurs in the gru_check_chiplet_assignment function. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3424 |
CVE-2022-20929 | A vulnerability in the upgrade signature verification of Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an unauthenticated, local attacker to provide an unauthentic upgrade file for upload.\r\n This vulnerability is due to insufficient cryptographic signature verification of upgrade files. An attacker could exploit this vulnerability by providing an administrator with an unauthentic upgrade file. A successful exploit could allow the attacker to fully compromise the Cisco NFVIS system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20929 |
CVE-2022-48423 | In the Linux kernel before 6.1.3, fs/ntfs3/record.c does not validate resident attribute names. An out-of-bounds write may occur. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48423 |
CVE-2022-48424 | In the Linux kernel before 6.1.3, fs/ntfs3/inode.c does not validate the attribute name offset. An unhandled page fault may occur. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48424 |
CVE-2023-1281 | Use After Free vulnerability in Linux kernel traffic control index filter (tcindex) allows Privilege Escalation. The imperfect hash area can be updated while packets are traversing, which will cause a use-after-free when 'tcf_exts_exec()' is called with the destroyed tcf_ext. A local attacker user can use this vulnerability to elevate its privileges to root.\nThis issue affects Linux Kernel: from 4.14 before git commit ee059170b1f7e94e55fa6cadee544e176a6e59c2.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1281 |
CVE-2023-20065 | A vulnerability in the Cisco IOx application hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. \r\n\r This vulnerability is due to insufficient restrictions on the hosted application. An attacker could exploit this vulnerability by logging in to and then escaping the Cisco IOx application container. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20065 |
CVE-2023-1252 | A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 ("ovl: fix use after free in struct ovl_aio_req") not applied yet, the kernel could be affected. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1252 |
CVE-2023-1077 | In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1077 |
CVE-2023-1078 | A flaw was found in the Linux Kernel in RDS (Reliable Datagram Sockets) protocol. The rds_rm_zerocopy_callback() uses list_entry() on the head of a list causing a type confusion. Local user can trigger this with rds_message_put(). Type confusion leads to `struct rds_msg_zcopy_info *info` actually points to something else that is potentially controlled by local user. It is known how to trigger this, which causes an out of bounds access, and a lock corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1078 |
CVE-2022-4744 | A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4744 |
CVE-2023-1670 | A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1670 |
CVE-2023-1829 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function which does not properly deactivate filters in case of a perfect hashes while deleting the underlying structure which can later lead to double freeing the structure. A local attacker user can use this vulnerability to elevate its privileges to root.\nWe recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1829 |
CVE-2021-33971 | Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Total Security (http://www.360totalsecurity.com/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (local). The component is: This is a set of vulnerabilities affecting popular software, "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(13.0.2170.0)". The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client a variety of popular software, remote vulnerabilities can be completed by opening a link to arbitrary code execution on both security browsers, with the use of local vulnerabilities, not only help the vulnerability code constitutes an escalation of privileges, er can make the spyware persistent without being scanned permanently resides on the target PC computer (because local vulnerability against Qihoo 360 company's antivirus kernel flaws); this group of remote and local vulnerability of the perfect match, to achieve an information security fallacy, in Qihoo 360's antivirus vulnerability, not only can not be scanned out of the virus, but will help the virus persistently control the target computer, while Qihoo 360 claims to be a safe browser, which exists in the kernel vulnerability but helped the composition of the remote vulnerability. (Security expert "Memory Corruptor" have reported this set of vulnerabilities to the corresponding vendor, all vulnerabilities have been fixed and the vendor rewarded thousands of dollars to the security experts) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33971 |
CVE-2023-2257 | Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub \nBusiness space without being prompted to enter the password via an \nunimplemented "Force Login" security feature.\n\nThis vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2257 |
CVE-2023-2007 | The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2007 |
CVE-2023-26098 | An issue was discovered in the Open Document feature in Telindus Apsal 3.14.2022.235 b. An attacker may upload a crafted file to execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26098 |
CVE-2022-42335 | x86 shadow paging arbitrary pointer dereference In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Due to too lax a check in one of the hypervisor routines used for shadow page handling it is possible for a guest with a PCI device passed through to cause the hypervisor to access an arbitrary pointer partially under guest control. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42335 |
CVE-2022-31244 | Nokia OneNDS 17r2 has Insecure Permissions vulnerability that allows for privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31244 |
CVE-2023-28088 | An HPE OneView appliance dump may expose SAN switch administrative credentials | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28088 |
CVE-2023-20871 | VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20871 |
CVE-2023-29007 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted `.gitmodules` file with submodule URLs that are longer than 1024 characters can used to exploit a bug in `config.c::git_config_copy_or_rename_section_in_file()`. This bug can be used to inject arbitrary configuration into a user's `$GIT_DIR/config` when attempting to remove the configuration section associated with that submodule. When the attacker injects configuration values which specify executables to run (such as `core.pager`, `core.editor`, `core.sshCommand`, etc.) this can lead to a remote code execution. A fix A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid running `git submodule deinit` on untrusted repositories or without prior inspection of any submodule sections in `$GIT_DIR/config`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29007 |
CVE-2023-29011 | Git for Windows, the Windows port of Git, ships with an executable called `connect.exe`, which implements a SOCKS5 proxy that can be used to connect e.g. to SSH servers via proxies when certain ports are blocked for outgoing connections. The location of `connect.exe`'s config file is hard-coded as `/etc/connectrc` which will typically be interpreted as `C:\\etc\\connectrc`. Since `C:\\etc` can be created by any authenticated user, this makes `connect.exe` susceptible to malicious files being placed there by other users on the same multi-user machine. The problem has been patched in Git for Windows v2.40.1. As a workaround, create the folder `etc` on all drives where Git commands are run, and remove read/write access from those folders. Alternatively, watch out for malicious `<drive>:\\etc\\connectrc` files on multi-user machines. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29011 |
CVE-2023-29012 | Git for Windows is the Windows port of Git. Prior to version 2.40.1, any user of Git CMD who starts the command in an untrusted directory is impacted by an Uncontrolles Search Path Element vulnerability. Maliciously-placed `doskey.exe` would be executed silently upon running Git CMD. The problem has been patched in Git for Windows v2.40.1. As a workaround, avoid using Git CMD or, if using Git CMD, avoid starting it in an untrusted directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29012 |
CVE-2023-30549 | Apptainer is an open source container platform for Linux. There is an ext4 use-after-free flaw that is exploitable through versions of Apptainer < 1.1.0, installations that include apptainer-suid < 1.1.8, and all versions of Singularity in their default configurations on older operating systems where that CVE has not been patched. That includes Red Hat Enterprise Linux 7, Debian 10 buster (unless the linux-5.10 package is installed), Ubuntu 18.04 bionic and Ubuntu 20.04 focal. Use-after-free flaws in the kernel can be used to attack the kernel for denial of service and potentially for privilege escalation.\n\nApptainer 1.1.8 includes a patch that by default disables mounting of extfs filesystem types in setuid-root mode, while continuing to allow mounting of extfs filesystems in non-setuid "rootless" mode using fuse2fs.\n\nSome workarounds are possible. Either do not install apptainer-suid (for versions 1.1.0 through 1.1.7) or set `allow setuid = no` in apptainer.conf (or singularity.conf for singularity versions). This requires having unprivileged user namespaces enabled and except for apptainer 1.1.x versions will disallow mounting of sif files, extfs files, and squashfs files in addition to other, less significant impacts. (Encrypted sif files are also not supported unprivileged in apptainer 1.1.x.). Alternatively, use the `limit containers` options in apptainer.conf/singularity.conf to limit sif files to trusted users, groups, and/or paths, and set `allow container extfs = no` to disallow mounting of extfs overlay files. The latter option by itself does not disallow mounting of extfs overlay partitions inside SIF files, so that's why the former options are also needed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30549 |
CVE-2023-26286 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the AIX runtime services library to execute arbitrary commands. IBM X-Force ID: 248421. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26286 |
CVE-2023-29596 | Buffer Overflow vulnerability found in ByronKnoll Cmix v.19 allows an attacker to execute arbitrary code and cause a denial of service via the paq8 function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29596 |
CVE-2023-29835 | Insecure Permission vulnerability found in Wondershare Dr.Fone v.12.9.6 allows a remote attacker to escalate privileges via the service permission function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29835 |
CVE-2023-2291 | Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that would escalate their permissions from that of a low-privileged user to an Administrative user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2291 |
CVE-2023-26243 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The decryption binary used to decrypt firmware files has an information leak that allows an attacker to read the AES key and initialization vector from memory. An attacker may exploit this to create custom firmware that may be installed in the IVI system. Then, an attacker may be able to install a backdoor in the IVI system that may allow him to control it, if it is connected to the Internet through Wi-Fi. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26243 |
CVE-2023-26244 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade and .lge.upgrade.xml files, which are used during the firmware installation process. This indirectly allows an attacker to use a custom version of AppUpgrade and .lge.upgrade.xml files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26244 |
CVE-2023-26245 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any firmware version (e.g., newer, older, or customized). This indirectly allows an attacker to install custom firmware in the IVI system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26245 |
CVE-2023-26246 | An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This indirectly allows an attacker to install custom firmware in the IVI system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26246 |
CVE-2023-31287 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. Password reset links are sent by email. A link contains a token that is used to reset the password. This token remains valid even after the password reset and can be used a second time to change the password of the corresponding user. The token expires only 3 hours after issuance and is sent as a query parameter when resetting. An attacker with access to the browser history can thus use the token again to change the password in order to take over the account. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31287 |
CVE-2023-2331 | Unquoted service Path or Element vulnerability in 42Gears Surelock Windows SureLock Service (NixService.Exe) on Windows application will allows to insert arbitrary code into the service.\nThis issue affects Surelock Windows : from 2.3.12 through 2.40.0.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2331 |
CVE-2023-2355 | Local privilege escalation due to a DLL hijacking vulnerability. The following products are affected: Acronis Snap Deploy (Windows) before build 3900. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2355 |
CVE-2022-37326 | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37326 |
CVE-2023-31436 | qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31436 |
CVE-2023-28528 | IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28528 |
CVE-2022-48481 | In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48481 |
CVE-2022-38583 | On versions of Sage 300 2017 - 2022 (6.4.x - 6.9.x) which are setup in a "Windows Peer-to-Peer Network" or "Client Server Network" configuration, a low-privileged Sage 300 workstation user could abuse their access to the "SharedData" folder on the connected Sage 300 server to view and/or modify the credentials associated with Sage 300 users and SQL accounts to impersonate users and/or access the SQL database as a system administrator. With system administrator-level access to the Sage 300 MS SQL database it would be possible to create, update, and delete all records associated with the program and, depending on the configuration, execute code on the underlying database server. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38583 |
CVE-2023-25496 | A privilege escalation vulnerability was reported in Lenovo Drivers Management Lenovo Driver Manager that could allow a local user to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25496 |
CVE-2023-2417 | A vulnerability was found in ks-soft Advanced Host Monitor up to 12.56 and classified as problematic. Affected by this issue is some unknown functionality of the file C:\\Program Files (x86)\\HostMonitor\\RMA-Win\\rma_active.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 12.60 is able to address this issue. It is recommended to upgrade the affected component. VDB-227714 is the identifier assigned to this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2417 |
CVE-2022-41736 | IBM Spectrum Scale Container Native Storage Access \n\n5.1.2.1 through 5.1.6.0\n\ncontains an unspecified vulnerability that could allow a local user to obtain root privileges. IBM X-Force ID: 237810. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41736 |
CVE-2023-2235 | A use-after-free vulnerability in the Linux Kernel Performance Events system can be exploited to achieve local privilege escalation.\n\nThe perf_group_detach function did not check the event's siblings' attach_state before calling add_event_to_groups(), but remove_on_exec made it possible to call list_del_event() on before detaching from their group, making it possible to use a dangling pointer causing a use-after-free vulnerability.\n\nWe recommend upgrading past commit fd0815f632c24878e325821943edccc7fde947a2.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2235 |
CVE-2023-2236 | A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation.\n\nBoth io_install_fixed_file and its callers call fput in a file in case of an error, causing a reference underflow which leads to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 9d94c04c0db024922e886c9fd429659f22f48ea4.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2236 |
CVE-2022-25713 | Memory corruption in Automotive due to Improper Restriction of Operations within the Bounds of a Memory Buffer while exporting a shared key. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-25713 |
CVE-2022-33281 | Memory corruption due to improper validation of array index in computer vision while testing EVA kernel without sending any frames. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33281 |
CVE-2022-33292 | Memory corruption in Qualcomm IPC due to use after free while receiving the incoming packet and reposting it. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33292 |
CVE-2023-21642 | Memory corruption in HAB Memory management due to broad system privileges via physical address. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21642 |
CVE-2023-28070 | \nAlienware Command Center Application, versions 5.5.43.0 and prior, contain an improper access control vulnerability. A local malicious user could potentially exploit this vulnerability during installation or update process leading to privilege escalation.\n\n | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28070 |
CVE-2023-27999 | An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in FortiADC 7.2.0, 7.1.0 through 7.1.1 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27999 |
CVE-2023-30986 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30986 |
CVE-2023-24902 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24902 |
CVE-2023-24905 | Remote Desktop Client Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24905 |
CVE-2023-24946 | Windows Backup Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24946 |
CVE-2023-24949 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24949 |
CVE-2023-24953 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24953 |
CVE-2023-29336 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29336 |
CVE-2023-29340 | AV1 Video Extension Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29340 |
CVE-2023-29341 | AV1 Video Extension Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29341 |
CVE-2023-29343 | SysInternals Sysmon for Windows Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29343 |
CVE-2015-20107 | In Python (aka CPython) up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system mailcap file. This may allow attackers to inject shell commands into applications that call mailcap.findmatch with untrusted input (if they lack validation of user-provided filenames or arguments). The fix is also back-ported to 3.7, 3.8, 3.9 | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2015-20107 |
CVE-2017-9946 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. An attacker with network access to the integrated web server (80/tcp and 443/tcp) could bypass the authentication and download sensitive information from the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-9946 |
CVE-2018-16556 | A vulnerability has been identified in SIMATIC S7-400 CPU 412-1 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-2 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 DP V7 (All versions), SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-2 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 DP V7 (All versions), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-2 DP V7 (All versions), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 417-4 DP V7 (All versions), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V4.5 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants) (All versions), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.2.1), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 V7 (All versions), SIPLUS S7-400 CPU 417-4 V7 (All versions). Specially crafted packets sent to port 102/tcp via Ethernet interface, via\r\nPROFIBUS, or via Multi Point Interfaces (MPI) could cause the affected\r\ndevices to go into defect mode. Manual reboot is required to resume normal\r\noperation.\r\n\r\nSuccessful exploitation requires an attacker to be able to send specially\r\ncrafted packets to port 102/tcp via Ethernet interface, via PROFIBUS or Multi\r\nPoint Interfaces (MPI). No user interaction and no user privileges are\r\nrequired to exploit the security vulnerability. The vulnerability could allow\r\ncausing a denial of service condition of the core functionality of the CPU,\r\ncompromising the availability of the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-16556 |
CVE-2019-10923 | A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SCALANCE X-200IRT switch family (incl. SIPLUS NET variants), SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC NET CP 1604, SIMATIC NET CP 1616, SIMATIC PN/PN Coupler (incl. SIPLUS NET variants), SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SIMOTION, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 Control Unit, SINAMICS G120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit and CBE20 (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. An attacker with network access to an affected product may cause a denial of service condition by breaking the real-time synchronization (IRT) of the affected installation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10923 |
CVE-2019-10936 | A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7, SIMATIC S7-400 CPU 414F-3 PN/DP V7, SIMATIC S7-400 CPU 416-3 PN/DP V7, SIMATIC S7-400 CPU 416F-3 PN/DP V7, Development/Evaluation Kits for PROFINET IO: DK Standard Ethernet Controller, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200, Development/Evaluation Kits for PROFINET IO: EK-ERTEC 200P, SIMATIC CFU PA, SIMATIC ET 200pro IM154-8 PN/DP CPU, SIMATIC ET 200pro IM154-8F PN/DP CPU, SIMATIC ET 200pro IM154-8FX PN/DP CPU, SIMATIC ET 200S IM151-8 PN/DP CPU, SIMATIC ET 200S IM151-8F PN/DP CPU, SIMATIC ET 200SP Open Controller CPU 1515SP PC (incl. SIPLUS variants), SIMATIC ET200AL, SIMATIC ET200ecoPN, 16DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 16DO DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 4AO U/I 4xM12, SIMATIC ET200ecoPN, 8 DIO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN, 8 DO, DC24V/2A, 8xM12, SIMATIC ET200ecoPN, 8AI RTD/TC 8xM12, SIMATIC ET200ecoPN, 8AI; 4 U/I; 4 RTD/TC 8xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 4xM12, SIMATIC ET200ecoPN, 8DI, DC24V, 8xM12, SIMATIC ET200ecoPN, 8DO, DC24V/0,5A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 4xM12, SIMATIC ET200ecoPN, 8DO, DC24V/1,3A, 8xM12, SIMATIC ET200ecoPN: IO-Link Master, SIMATIC ET200M (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN BA (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN HF (incl. SIPLUS variants), SIMATIC ET200MP IM155-5 PN ST (incl. SIPLUS variants), SIMATIC ET200pro, SIMATIC ET200S (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN BA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HA (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN HS (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN ST (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/2 HF (incl. SIPLUS variants), SIMATIC ET200SP IM155-6 PN/3 HF (incl. SIPLUS variants), SIMATIC HMI Comfort Outdoor Panels 7" & 15" (incl. SIPLUS variants), SIMATIC HMI Comfort Panels 4" - 22" (incl. SIPLUS variants), SIMATIC HMI KTP Mobile Panels, SIMATIC PN/PN Coupler, SIMATIC PROFINET Driver, SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants), SIMATIC S7-1500 Software Controller, SIMATIC S7-300 CPU 314C-2 PN/DP, SIMATIC S7-300 CPU 315-2 PN/DP, SIMATIC S7-300 CPU 315F-2 PN/DP, SIMATIC S7-300 CPU 315T-3 PN/DP, SIMATIC S7-300 CPU 317-2 PN/DP, SIMATIC S7-300 CPU 317F-2 PN/DP, SIMATIC S7-300 CPU 317T-3 PN/DP, SIMATIC S7-300 CPU 317TF-3 PN/DP, SIMATIC S7-300 CPU 319-3 PN/DP, SIMATIC S7-300 CPU 319F-3 PN/DP, SIMATIC S7-400 CPU 412-2 PN V7, SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants), SIMATIC S7-400 PN/DP V6 and below CPU family (incl. SIPLUS variants), SIMATIC S7-410 V8 CPU family (incl. SIPLUS variants), SIMATIC TDC CP51M1, SIMATIC TDC CPU555, SIMATIC WinAC RTX 2010, SIMATIC WinAC RTX F 2010, SINAMICS DCM, SINAMICS DCP, SINAMICS G110M V4.7 PN Control Unit, SINAMICS G120 V4.7 PN Control Unit (incl. SIPLUS variants), SINAMICS G130 V4.7 Control Unit, SINAMICS G150 Control Unit, SINAMICS GH150 V4.7 Control Unit, SINAMICS GL150 V4.7 Control Unit, SINAMICS GM150 V4.7 Control Unit, SINAMICS S110 Control Unit, SINAMICS S120 V4.7 Control Unit (incl. SIPLUS variants), SINAMICS S150 Control Unit, SINAMICS SL150 V4.7 Control Unit, SINAMICS SM120 V4.7 Control Unit, SINUMERIK 828D, SINUMERIK 840D sl, SIPLUS ET 200S IM151-8 PN/DP CPU, SIPLUS ET 200S IM151-8F PN/DP CPU, SIPLUS NET PN/PN Coupler, SIPLUS S7-300 CPU 314C-2 PN/DP, SIPLUS S7-300 CPU 315-2 PN/DP, SIPLUS S7-300 CPU 315F-2 PN/DP, SIPLUS S7-300 CPU 317-2 PN/DP, SIPLUS S7-300 CPU 317F-2 PN/DP, SIPLUS S7-400 CPU 414-3 PN/DP V7, SIPLUS S7-400 CPU 416-3 PN/DP V7. Affected devices improperly handle large amounts of specially crafted UDP packets.\r\n\r\nThis could allow an unauthenticated remote attacker to trigger a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-10936 |
CVE-2021-38385 | Tor before 0.3.5.16, 0.4.5.10, and 0.4.6.7 mishandles the relationship between batch-signature verification and single-signature verification, leading to a remote assertion failure, aka TROVE-2021-007. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38385 |
CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\\n' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0391 |
CVE-2022-26498 | An issue was discovered in Asterisk through 19.x. When using STIR/SHAKEN, it is possible to download files that are not certificates. These files could be much larger than what one would expect to download, leading to Resource Exhaustion. This is fixed in 16.25.2, 18.11.2, and 19.3.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26498 |
CVE-2022-1620 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 in GitHub repository vim/vim prior to 8.2.4901. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2729 allows attackers to cause a denial of service (application crash) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1620 |
CVE-2022-31805 | In the CODESYS Development System multiple components in multiple versions transmit the passwords for the communication between clients and servers unprotected.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31805 |
CVE-2022-31212 | An issue was discovered in dbus-broker before 31. It depends on c-uitl/c-shquote to parse the DBus service's Exec line. c-shquote contains a stack-based buffer over-read if a malicious Exec line is supplied. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31212 |
CVE-2022-31213 | An issue was discovered in dbus-broker before 31. Multiple NULL pointer dereferences can be found when supplying a malformed XML config file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31213 |
CVE-2022-33903 | Tor 0.4.7.x before 0.4.7.8 allows a denial of service via the wedging of RTT estimation. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33903 |
CVE-2022-34169 | The Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets. This can be used to corrupt Java class files generated by the internal XSLTC compiler and execute arbitrary Java bytecode. Users are recommended to update to version 2.7.3 or later. Note: Java runtimes (such as OpenJDK) include repackaged copies of Xalan. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34169 |
CVE-2022-34568 | SDL v1.2 was discovered to contain a use-after-free via the XFree function at /src/video/x11/SDL_x11yuv.c. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34568 |
CVE-2022-22728 | A flaw in Apache libapreq2 versions 2.16 and earlier could cause a buffer overflow while processing multipart form uploads. A remote attacker could send a request causing a process crash which could lead to a denial of service attack. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22728 |
CVE-2022-3705 | A vulnerability was found in vim and classified as problematic. Affected by this issue is the function qf_update_buffer of the file quickfix.c of the component autocmd Handler. The manipulation leads to use after free. The attack may be launched remotely. Upgrading to version 9.0.0805 is able to address this issue. The name of the patch is d0fab10ed2a86698937e3c3fed2f10bd9bb5e731. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-212324. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3705 |
CVE-2022-45061 | An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45061 |
CVE-2021-46854 | mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-46854 |
CVE-2021-40365 | A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40365 |
CVE-2022-45197 | Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45197 |
CVE-2022-4379 | A use-after-free vulnerability was found in __nfs42_ssc_open() in fs/nfs/nfs4file.c in the Linux kernel. This flaw allows an attacker to conduct a remote denial | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4379 |
CVE-2022-4743 | A potential memory leak issue was discovered in SDL2 in GLES_CreateTexture() function in SDL_render_gles.c. The vulnerability allows an attacker to cause a denial of service attack. The vulnerability affects SDL2 v2.0.4 and above. SDL-1.x are not affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4743 |
CVE-2022-38725 | An integer overflow in the RFC3164 parser in One Identity syslog-ng 3.0 through 3.37 allows remote attackers to cause a Denial of Service via crafted syslog input that is mishandled by the tcp or network function. syslog-ng Premium Edition 7.0.30 and syslog-ng Store Box 6.10.0 are also affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38725 |
CVE-2022-3116 | The Heimdal Software Kerberos 5 implementation is vulnerable to a null pointer dereferance. An attacker with network access to an application that depends on the vulnerable code path can cause the application to crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3116 |
CVE-2023-20860 | Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using "**" as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20860 |
CVE-2022-43716 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43716 |
CVE-2022-43767 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43767 |
CVE-2022-43768 | A vulnerability has been identified in SIMATIC CP 1242-7 V2 (All versions), SIMATIC CP 1243-1 (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (All versions), SIMATIC CP 1243-7 LTE US (All versions), SIMATIC CP 1243-8 IRC (All versions), SIMATIC CP 1542SP-1 (All versions), SIMATIC CP 1542SP-1 IRC (All versions), SIMATIC CP 1543SP-1 (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions), SIPLUS NET CP 1242-7 V2 (All versions), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (All versions), SIPLUS TIM 1531 IRC (All versions < V2.3.6), TIM 1531 IRC (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation of the webserver of the affected product. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43768 |
CVE-2023-28766 | A vulnerability has been identified in SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.40), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.40), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.40), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.40), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.40), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7ST85 (CP300) (All versions >= V7.80), SIPROTEC 5 7ST86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7SX82 (CP150) (All versions < V9.40), SIPROTEC 5 7SX85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.40), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 7VU85 (CP300) (All versions >= V7.80 < V9.40), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.40), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.40), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.40). Affected devices lack proper validation of http request parameters of the hosted web service.\r\nAn unauthenticated remote attacker could send specially crafted packets that could cause denial of service condition of the target device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28766 |
CVE-2023-26964 | An issue was discovered in hyper v0.13.7. h2-0.2.4 Stream stacking occurs when the H2 component processes HTTP2 RST_STREAM frames. As a result, the memory and CPU usage are high which can lead to a Denial of Service (DoS). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26964 |
CVE-2023-29197 | guzzlehttp/psr7 is a PSR-7 HTTP message library implementation in PHP. Affected versions are subject to improper header parsing. An attacker could sneak in a newline (\\n) into both the header names and values. While the specification states that \\r\\n\\r\\n is used to terminate the header list, many servers in the wild will also accept \\n\\n. This is a follow-up to CVE-2022-24775 where the fix was incomplete. The issue has been patched in versions 1.9.1 and 2.4.5. There are no known workarounds for this vulnerability. Users are advised to upgrade. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29197 |
CVE-2021-38363 | An issue was discovered in ONOS 2.5.1. In IntentManager, the install-requested intent (which causes an exception) remains in pendingMap (in memory) forever. Deletion is possible neither by a user nor by the intermittent Intent Cleanup process. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38363 |
CVE-2022-24035 | An issue was discovered in ONOS 2.5.1. The purge-requested intent remains on the list, but it does not respond to changes in topology (e.g., link failure). In combination with other applications, it could lead to a failure of network management. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24035 |
CVE-2022-29605 | An issue was discovered in ONOS 2.5.1. IntentManager attempts to install the IPv6 flow rules of an intent into an OpenFlow 1.0 switch that does not support IPv6. Improper handling of the difference in capabilities of the intent and switch is misleading to a network operator. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29605 |
CVE-2022-29607 | An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29607 |
CVE-2022-29608 | An issue was discovered in ONOS 2.5.1. An intent with a port that is an intermediate point of its path installs an invalid flow rule, causing a network loop. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29608 |
CVE-2021-33589 | Ribose RNP before 0.15.1 does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than on the tin of the algorithm. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33589 |
CVE-2023-26101 | In Progress Flowmon Packet Investigator before 12.1.0, a Flowmon user with access to Flowmon Packet Investigator could leverage a path-traversal vulnerability to retrieve files on the Flowmon appliance's local filesystem. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26101 |
CVE-2023-2140 | A Server-Side Request Forgery vulnerability in DELMIA Apriso Release 2017 through Release 2022 \n\ncould allow an unauthenticated attacker to issue requests to arbitrary hosts on behalf of the server running the DELMIA Apriso application.\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2140 |
CVE-2023-24818 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference. During forwarding of a fragment an uninitialized entry in the reassembly buffer is used. The NULL pointer dereference triggers a hard fault exception resulting in denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24818 |
CVE-2023-24820 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. An attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset. Thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patch manually. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24820 |
CVE-2023-29480 | Ribose RNP before 0.16.3 sometimes lets secret keys remain unlocked after use. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29480 |
CVE-2023-2251 | Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2251 |
CVE-2023-24821 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a large out of bounds write beyond the packet buffer. The write will create a hard fault exception after reaching the last page of RAM. The hard fault is not handled and the system will be stuck until reset, thus the impact is denial of service. Version 2022.10 fixes this issue. As a workaround, disable support for fragmented IP datagrams or apply the patches manually. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24821 |
CVE-2023-24822 | RIOT-OS, an operating system that supports Internet of Things devices, contains a network stack with the ability to process 6LoWPAN frames. Prior to version 2022.10, an attacker can send a crafted frame to the device resulting in a NULL pointer dereference while encoding a 6LoWPAN IPHC header. The NULL pointer dereference causes a hard fault exception, leading to denial of service. Version 2022.10 fixes this issue. As a workaround, apply the patches manually. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24822 |
CVE-2023-22915 | A buffer overflow vulnerability in the “fbwifi_forward.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.30 through 5.35, USG20(W)-VPN firmware versions 4.30 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote unauthenticated attacker to cause DoS conditions by sending a crafted HTTP request if the Facebook WiFi function were enabled on an affected device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22915 |
CVE-2023-22917 | A buffer overflow vulnerability in the “sdwan_iface_ipc” binary of Zyxel ATP series firmware versions 5.10 through 5.32, USG FLEX series firmware versions 5.00 through 5.32, USG FLEX 50(W) firmware versions 5.10 through 5.32, USG20(W)-VPN firmware versions 5.10 through 5.32, and VPN series firmware versions 5.00 through 5.35, which could allow a remote unauthenticated attacker to cause a core dump with a request error message on a vulnerable device by uploading a crafted configuration file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22917 |
CVE-2023-29780 | Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29780 |
CVE-2023-30629 | Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30629 |
CVE-2023-29779 | Sengled Dimmer Switch V0.0.9 contains a denial of service (DOS) vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes. After receiving the malicious command, the device will keep reporting its status and finally drain its battery after receiving the 'Set_short_poll_interval' command. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29779 |
CVE-2023-29552 | The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the attacker to use spoofed UDP traffic to conduct a denial-of-service attack with a significant amplification factor. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29552 |
CVE-2023-28847 | Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28847 |
CVE-2023-23837 | No exception handling vulnerability which revealed sensitive or excessive information to users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23837 |
CVE-2021-23178 | Improper access control in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows attackers to validate online payments with a tokenized payment method that belongs to another user, causing the victim's payment method to be charged instead. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-23178 |
CVE-2021-23203 | Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-23203 |
CVE-2023-25652 | Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, by feeding specially crafted input to `git apply --reject`, a path outside the working tree can be overwritten with partially controlled contents (corresponding to the rejected hunk(s) from the given patch). A fix is available in versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1. As a workaround, avoid using `git apply` with `--reject` when applying patches from an untrusted source. Use `git apply --stat` to inspect a patch before applying; avoid applying one that create a conflict where a link corresponding to the `*.rej` file exists. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25652 |
CVE-2023-0045 | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0045 |
CVE-2023-2273 | Rapid7 Insight Agent token handler versions 3.2.6 and below, suffer from a Directory Traversal vulnerability whereby unsanitized input from a CLI argument flows into io.ioutil.WriteFile, where it is used as a path. This can result in a Path Traversal vulnerability and allow an attacker to write arbitrary files. This issue is remediated in version 3.3.0 via safe guards that reject inputs that attempt to do path traversal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2273 |
CVE-2022-25273 | Drupal core's form API has a vulnerability where certain contributed or custom modules' forms may be vulnerable to improper input validation. This could allow an attacker to inject disallowed values or overwrite data. Affected forms are uncommon, but in certain cases an attacker could alter critical or sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25273 |
CVE-2022-25275 | In some situations, the Image module does not correctly check access to image files not stored in the standard public files directory when generating derivative images using the image styles system. Access to a non-public file is checked only if it is stored in the "private" file system. However, some contributed modules provide additional file systems, or schemes, which may lead to this vulnerability. This vulnerability is mitigated by the fact that it only applies when the site sets (Drupal 9) $config['image.settings']['allow_insecure_derivatives'] or (Drupal 7) $conf['image_allow_insecure_derivatives'] to TRUE. The recommended and default setting is FALSE, and Drupal core does not provide a way to change that in the admin UI. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing files or image styles after updating. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25275 |
CVE-2023-1387 | Grafana is an open-source platform for monitoring and observability. \n\nStarting with the 9.1 branch, Grafana introduced the ability to search for a JWT in the URL query parameter auth_token and use it as the authentication token. \n\nBy enabling the "url_login" configuration option (disabled by default), a JWT might be sent to data sources. If an attacker has access to the data source, the leaked token could be used to authenticate to Grafana.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1387 |
CVE-2023-30112 | Medicine Tracker System in PHP 1.0.0 is vulnerable to SQL Injection. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30112 |
CVE-2022-27978 | Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27978 |
CVE-2022-44232 | libming 0.4.8 0.4.8 is vulnerable to Buffer Overflow. In getInt() in decompile.c unknown type may lead to denial of service. This is a different vulnerability than CVE-2018-9132 and CVE-2018-20427. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-44232 |
CVE-2023-30546 | Contiki-NG is an operating system for Internet of Things devices. An off-by-one error can be triggered in the Antelope database management system in the Contiki-NG operating system in versions 4.8 and prior. The problem exists in the Contiki File System (CFS) backend for the storage of data (file os/storage/antelope/storage-cfs.c). In the functions `storage_get_index` and `storage_put_index`, a buffer for merging two strings is allocated with one byte less than the maximum size of the merged strings, causing subsequent function calls to the cfs_open function to read from memory beyond the buffer size. The vulnerability has been patched in the "develop" branch of Contiki-NG, and is expected to be included in the next release. As a workaround, the problem can be fixed by applying the patch in Contiki-NG pull request #2425. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30546 |
CVE-2022-45456 | Denial of service due to unauthenticated API endpoint. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 30161. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45456 |
CVE-2023-27559 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted subquery. IBM X-Force ID: 249196. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27559 |
CVE-2023-30846 | typed-rest-client is a library for Node Rest and Http Clients with typings for use with TypeScript. Users of the typed-rest-client library version 1.7.3 or lower are vulnerable to leak authentication data to 3rd parties. The flow of the vulnerability is as follows: First, send any request with `BasicCredentialHandler`, `BearerCredentialHandler` or `PersonalAccessTokenCredentialHandler`. Second, the target host may return a redirection (3xx), with a link to a second host. Third, the next request will use the credentials to authenticate with the second host, by setting the `Authorization` header. The expected behavior is that the next request will *NOT* set the `Authorization` header. The problem was fixed in version 1.8.0. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30846 |
CVE-2023-28770 | The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28770 |
CVE-2023-29255 | IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as it may trap when compiling a variation of an anonymous block. IBM X-Force ID: 251991. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29255 |
CVE-2023-2335 | \nPlaintext Password in Registry\n\n vulnerability in 42gears surelock windows surelockwinsetupv2.40.0.Exe on Windows (Registery modules) allows Retrieve \n\nAdmin user credentials\n\nThis issue affects surelock windows: from 2.3.12 through 2.40.0.\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2335 |
CVE-2023-30380 | An issue in the component /dialog/select_media.php of DedeCMS v5.7.107 allows attackers to execute a directory traversal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30380 |
CVE-2023-2356 | Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2356 |
CVE-2023-27556 | IBM Counter Fraud Management for Safer Payments 6.1.0.00, 6.2.0.00, 6.3.0.00 through 6.3.1.03, 6.4.0.00 through 6.4.2.02 and 6.5.0.00 does not properly allocate resources without limits or throttling which could allow a remote attacker to cause a denial of service. IBM X-Force ID: 249190. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27556 |
CVE-2023-27557 | IBM Counter Fraud Management for Safer Payments 6.1.0.00 through 6.1.1.02, 6.2.0.00 through 6.2.2.02, 6.3.0.00 through 6.3.1.02, 6.4.0.00 through 6.4.2.01, and 6.5.0.00 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 249192. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27557 |
CVE-2023-28882 | Trustwave ModSecurity 3.0.5 through 3.0.8 before 3.0.9 allows a denial of service (worker crash and unresponsiveness) because some inputs cause a segfault in the Transaction class for some configurations. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28882 |
CVE-2023-2360 | Sensitive information disclosure due to CORS misconfiguration. The following products are affected: Acronis Cyber Infrastructure (ACI) before build 5.2.0-135. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2360 |
CVE-2022-41398 | The optional Global Search feature for Sage 300 through version 2022 uses a set of hard-coded credentials for the accompanying Apache Solr instance. This issue could allow attackers to login to the Solr dashboard with admin privileges and access sensitive information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41398 |
CVE-2022-41399 | The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow attackers to obtain access to the SQL database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41399 |
CVE-2023-2379 | A vulnerability classified as critical has been found in Ubiquiti EdgeRouter X up to 2.0.9-hotfix.6. This affects an unknown part of the component Web Service. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227655. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2379 |
CVE-2023-27555 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5 is vulnerable to a denial of service when attempting to use ACR client affinity for unfenced DRDA federation wrappers. IBM X-Force ID: 249187. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27555 |
CVE-2023-30455 | An issue was discovered in ebankIT before 7. A Denial-of-Service attack is possible through the GET parameter EStatementsIds located on the /Controls/Generic/EBMK/Handlers/EStatements/DownloadEStatement.ashx endpoint. The GET parameter accepts over 100 comma-separated e-statement IDs without throwing an error. When this many IDs are supplied, the server takes around 60 seconds to respond and successfully generate the expected ZIP archive (during this time period, no other pages load). A threat actor could issue a request to this endpoint with 100+ statement IDs every 30 seconds, potentially resulting in an overload of the server for all users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30455 |
CVE-2023-1968 | \nInstruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. \n\n\n\n\n\n\n\n | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1968 |
CVE-2023-26021 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash when compiling a specially crafted SQL query using a LIMIT clause. IBM X-Force ID: 247864. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26021 |
CVE-2023-26022 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service as the server may crash when an Out of Memory occurs using the DBMS_OUTPUT module. IBM X-Force ID: 247868. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26022 |
CVE-2023-30858 | The Denosaurs emoji package provides emojis for dinosaurs. Starting in version 0.1.0 and prior to version 0.3.0, the reTrimSpace regex has 2nd degree polynomial inefficiency, leading to a delayed response given a big payload. The issue has been patched in 0.3.0. As a workaround, avoid using the `replace`, `unemojify`, or `strip` functions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30858 |
CVE-2023-31444 | In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31444 |
CVE-2023-31483 | tar/TarFileReader.cpp in Cauldron cbang before bastet-v8.1.17 has a directory traversal during extraction that allows the attacker to create or write to files outside the current directory via a crafted tar archive. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31483 |
CVE-2023-30441 | IBM Runtime Environment, Java Technology Edition IBMJCEPlus and JSSE 8.0.7.0 through 8.0.7.11 components could expose sensitive information using a combination of flaws and configurations. IBM X-Force ID: 253188. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30441 |
CVE-2023-30061 | D-Link DIR-879 v105A1 is vulnerable to Authentication Bypass via phpcgi. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30061 |
CVE-2023-30063 | D-Link DIR-890L FW1.10 A1 is vulnerable to Authentication bypass. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30063 |
CVE-2022-48186 | A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48186 |
CVE-2023-22921 | A cross-site scripting (XSS) vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to store malicious scripts using a web management interface parameter, resulting in denial-of-service (DoS) conditions on an affected device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22921 |
CVE-2023-22922 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote unauthenticated attacker to cause DoS conditions by sending crafted packets if Telnet is enabled on a vulnerable device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22922 |
CVE-2023-27035 | An issue discovered in Obsidian Canvas 1.1.9 allows remote attackers to send desktop notifications, record user audio and other unspecified impacts via embedded website on the canvas page. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27035 |
CVE-2022-33304 | Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33304 |
CVE-2022-33305 | Transient DOS due to NULL pointer dereference in Modem while sending invalid messages in DCCH. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33305 |
CVE-2022-34144 | Transient DOS due to reachable assertion in Modem during OSI decode scheduling. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34144 |
CVE-2022-40505 | Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40505 |
CVE-2022-40508 | Transient DOS due to reachable assertion in Modem while processing config related to cross carrier scheduling, which is not supported. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40508 |
CVE-2023-1809 | The Download Manager WordPress plugin before 6.3.0 leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1809 |
CVE-2023-2473 | A vulnerability was found in Dreamer CMS up to 4.1.3. It has been declared as problematic. This vulnerability affects the function updatePwd of the file UserController.java of the component Password Hash Calculation. The manipulation leads to inefficient algorithmic complexity. The attack can be initiated remotely. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227860. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2473 |
CVE-2022-30995 | Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30995 |
CVE-2023-27378 | \nMultiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27378 |
CVE-2023-29163 | \nWhen UDP profile with idle timeout set to immediate or the value 0 is configured on a virtual server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29163 |
CVE-2017-20184 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Carlo Gavazzi Powersoft up to version 2.1.1.1 allows an unauthenticated, remote attacker to download any file from the affected device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-20184 |
CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29350 |
CVE-2023-24898 | Windows SMB Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24898 |
CVE-2023-24901 | Windows NFS Portmapper Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24901 |
CVE-2023-24939 | Server for NFS Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24939 |
CVE-2023-24940 | Windows Pragmatic General Multicast (PGM) Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24940 |
CVE-2023-24942 | Remote Procedure Call Runtime Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24942 |
CVE-2023-29335 | Microsoft Word Security Feature Bypass Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29335 |
CVE-2021-25217 | In ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16, ISC DHCP 4.4.0 -> 4.4.2 (Other branches of ISC DHCP (i.e., releases in the 4.0.x series or lower and releases in the 4.3.x series) are beyond their End-of-Life (EOL) and no longer supported by ISC. From inspection it is clear that the defect is also present in releases from those series, but they have not been officially tested for the vulnerability), The outcome of encountering the defect while reading a lease that will trigger it varies, according to: the component being affected (i.e., dhclient or dhcpd) whether the package was built as a 32-bit or 64-bit binary whether the compiler flag -fstack-protection-strong was used when compiling In dhclient, ISC has not successfully reproduced the error on a 64-bit system. However, on a 32-bit system it is possible to cause dhclient to crash when reading an improper lease, which could cause network connectivity problems for an affected system due to the absence of a running DHCP client process. In dhcpd, when run in DHCPv4 or DHCPv6 mode: if the dhcpd server binary was built for a 32-bit architecture AND the -fstack-protection-strong flag was specified to the compiler, dhcpd may exit while parsing a lease file containing an objectionable lease, resulting in lack of service to clients. Additionally, the offending lease and the lease immediately following it in the lease database may be improperly deleted. if the dhcpd server binary was built for a 64-bit architecture OR if the -fstack-protection-strong compiler flag was NOT specified, the crash will not occur, but it is possible for the offending lease and the lease which immediately followed it to be improperly deleted. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-25217 |
CVE-2023-24461 | \nAn improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24461 |
CVE-2023-24948 | Windows Bluetooth Driver Elevation of Privilege Vulnerability | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-24948 |
CVE-2023-26293 | A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 6), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 1). Affected products contain a path traversal vulnerability that could allow the creation or overwrite of arbitrary files in the engineering system. If the user is tricked to open a malicious PC system configuration file, an attacker could exploit this vulnerability to achieve arbitrary code execution. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26293 |
CVE-2023-1731 | In LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands.\n | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1731 |
CVE-2023-22914 | A path traversal vulnerability in the “account_print.cgi” CGI program of Zyxel USG FLEX series firmware versions 4.50 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow a remote authenticated attacker with administrator privileges to execute unauthorized OS commands in the “tmp” directory by uploading a crafted file if the hotspot function were enabled. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22914 |
CVE-2023-2259 | Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2259 |
CVE-2022-45291 | PWS Personal Weather Station Dashboard (PWS_Dashboard) LTS December 2020 (2012_lts) allows remote code execution by injecting PHP code into settings.php. Attacks can use the PWS_printfile.php, PWS_frame_text.php, PWS_listfile.php, PWS_winter.php, and PWS_easyweathersetup.php endpoints. A contributing factor is a hardcoded login password of support, which is not documented. (This is not the same as the documented setup password, which is 12345.) The issue was fixed in late 2022. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-45291 |
CVE-2022-36769 | \nIBM Cloud Pak for Data 4.5 and 4.6 could allow a privileged user to upload malicious files of dangerous types that can be automatically processed within the product's environment. IBM X-Force ID: 232034.\n\n | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-36769 |
CVE-2023-29257 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to remote code execution as a database administrator of one database may execute code or read/write files from another database within the same instance. IBM X-Force ID: 252011. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29257 |
CVE-2022-25277 | Drupal core sanitizes filenames with dangerous extensions upon upload (reference: SA-CORE-2020-012) and strips leading and trailing dots from filenames to prevent uploading server configuration files (reference: SA-CORE-2019-010). However, the protections for these two vulnerabilities previously did not work correctly together. As a result, if the site were configured to allow the upload of files with an htaccess extension, these files' filenames would not be properly sanitized. This could allow bypassing the protections provided by Drupal core's default .htaccess files and possible remote code execution on Apache web servers. This issue is mitigated by the fact that it requires a field administrator to explicitly configure a file field to allow htaccess as an extension (a restricted permission), or a contributed module or custom code that overrides allowed file uploads. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-25277 |
CVE-2023-2419 | A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \\crmeb\\app\\services\\system\\attachment\\SystemAttachmentServices.php. The manipulation of the argument filename leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227716. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-2419 |
CVE-2023-0924 | The ZYREX POPUP WordPress plugin through 1.0 does not validate the type of files uploaded when creating a popup, allowing a high privileged user (such as an Administrator) to upload arbitrary files, even when modifying the file system is disallowed, such as in a multisite install. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-0924 |
CVE-2023-1669 | The SEOPress WordPress plugin before 6.5.0.3 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1669 |
CVE-2023-28742 | \nWhen DNS is provisioned, an authenticated remote command execution vulnerability exists in DNS iQuery mesh.\n\n \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-28742 |
CVE-2023-28832 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The web based management of affected devices does not properly validate user input, making it susceptible to command injection. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-28832 |
CVE-2023-24955 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-24955 |
CVE-2019-13939 | A vulnerability has been identified in APOGEE MEC/MBC/PXC (P2) (All versions < V2.8.2), APOGEE PXC Series (BACnet) (All versions < V3.5.3), APOGEE PXC Series (P2) (All versions >= V2.8.2 and < V2.8.19), Desigo PXC00-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC00-U (All versions >= V2.3x and < V6.00.327), Desigo PXC001-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC100-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC12-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC128-U (All versions >= V2.3x and < V6.00.327), Desigo PXC200-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC22.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC36.1-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC50-E.D (All versions >= V2.3x and < V6.00.327), Desigo PXC64-U (All versions >= V2.3x and < V6.00.327), Desigo PXM20-E (All versions >= V2.3x and < V6.00.327), Nucleus NET (All versions), Nucleus RTOS (All versions), Nucleus ReadyStart for ARM, MIPS, and PPC (All versions < V2017.02.2 with patch "Nucleus 2017.02.02 Nucleus NET Patch"), Nucleus SafetyCert (All versions), Nucleus Source Code (All versions), SIMOTICS CONNECT 400 (All versions < V0.3.0.330), TALON TC Series (BACnet) (All versions < V3.5.3), VSTAR (All versions). By sending specially crafted DHCP packets to a device where the DHCP client is enabled, an attacker could change the IP address of the device to an invalid value. The vulnerability could affect availability and integrity of the device. Adjacent network access is required, but no authentication and no user interaction is needed to conduct an attack. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-13939 |
CVE-2022-2287 | Out-of-bounds Read in GitHub repository vim/vim prior to 9.0. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-2287 |
CVE-2022-47092 | GPAC MP4box 2.1-DEV-rev574-g9d5bb184b is contains an Integer overflow vulnerability in gf_hevc_read_sps_bs_internal function of media_tools/av_parsers.c:8316 | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47092 |
CVE-2023-26099 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. The consultation permission is insecure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26099 |
CVE-2023-28089 | An HPE OneView appliance dump may expose FTP credentials for c7000 Interconnect Modules | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28089 |
CVE-2022-31647 | Docker Desktop before 4.6.0 on Windows allows attackers to delete any file through the hyperv/destroy dockerBackendV2 API via a symlink in the DataFolder parameter, a different vulnerability than CVE-2022-26659. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31647 |
CVE-2022-34292 | Docker Desktop for Windows before 4.6.0 allows attackers to overwrite any file through a symlink attack on the hyperv/create dockerBackendV2 API by controlling the DataFolder parameter for DockerDesktop.vhdx, a similar issue to CVE-2022-31647. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34292 |
CVE-2023-2460 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2460 |
CVE-2023-28724 | \nNGINX Management Suite default file permissions are set such that an authenticated attacker may be able to modify sensitive files on NGINX Instance Manager and NGINX API Connectivity Manager. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\n | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28724 |
CVE-2023-24904 | Windows Installer Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24904 |
CVE-2023-28466 | do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference). | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28466 |
CVE-2023-1989 | A use-after-free flaw was found in btsdio_remove in drivers\\bluetooth\\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1989 |
CVE-2023-1872 | A use-after-free vulnerability in the Linux Kernel io_uring system can be exploited to achieve local privilege escalation.\n\nThe io_file_get_fixed function lacks the presence of ctx->uring_lock which can lead to a Use-After-Free vulnerability due a race condition with fixed files getting unregistered.\n\nWe recommend upgrading past commit da24142b1ef9fd5d36b76e36bab328a5b27523e8.\n\n | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1872 |
CVE-2023-2006 | A race condition was found in the Linux kernel's RxRPC network protocol, within the processing of RxRPC bundles. This issue results from the lack of proper locking when performing operations on an object. This may allow an attacker to escalate privileges and execute arbitrary code in the context of the kernel. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2006 |
CVE-2023-24899 | Windows Graphics Component Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-24899 |
CVE-2023-1079 | A flaw was found in the Linux kernel. A use-after-free may be triggered in asus_kbd_backlight_set when plugging/disconnecting in a malicious USB device, which advertises itself as an Asus device. Similarly to the previous known CVE-2023-25012, but in asus devices, the work_struct may be scheduled by the LED controller while the device is disconnecting, triggering a use-after-free on the struct asus_kbd_leds *led structure. A malicious USB device may exploit the issue to cause memory corruption with controlled data. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1079 |
CVE-2023-2228 | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.1.0. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2228 |
CVE-2021-44476 | A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read local files on the server, including sensitive configuration files. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44476 |
CVE-2023-25832 | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25832 |
CVE-2022-35868 | A vulnerability has been identified in TIA Multiuser Server V14 (All versions), TIA Multiuser Server V15 (All versions < V15.1 Update 8), TIA Project-Server (All versions < V1.1), TIA Project-Server V16 (All versions), TIA Project-Server V17 (All versions < V17 Update 6). Affected applications contain an untrusted search path vulnerability that could allow an attacker to escalate privileges, when tricking a legitimate user to start the service from an attacker controlled path. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-35868 |
CVE-2023-2194 | An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2194 |
CVE-2023-24932 | Secure Boot Security Feature Bypass Vulnerability | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-24932 |
CVE-2022-41115 | Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-41115 |
CVE-2023-1073 | A memory corruption flaw was found in the Linux kernel’s human interface device (HID) subsystem in how a user inserts a malicious USB device. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-1073 |
CVE-2018-4843 | A vulnerability has been identified in SIMATIC S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 414F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), SIMATIC S7-400 CPU 416F-3 PN/DP V7 (All versions < V7.0.3), SIMATIC CP 343-1 (incl. SIPLUS variants) (All versions), SIMATIC CP 343-1 Advanced (incl. SIPLUS variants) (All versions), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 (All versions < V3.3), SIMATIC CP 443-1 Advanced (All versions < V3.3), SIMATIC ET 200pro IM154-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8F PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200pro IM154-8FX PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIMATIC ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions < V1.7.0), SIMATIC S7-1500 Software Controller (All versions < V1.7.0), SIMATIC S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIMATIC S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 315T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317T-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 317TF-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319-3 PN/DP (All versions < V3.2.16), SIMATIC S7-300 CPU 319F-3 PN/DP (All versions < V3.2.16), SIMATIC S7-400 CPU 412-2 PN V7 (All versions < V7.0.3), SIMATIC S7-400 H V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.9), SIMATIC S7-400 PN/DP V6 CPU family (incl. SIPLUS variants) (All versions < V6.0.7), SIMATIC S7-410 CPU family (incl. SIPLUS variants) (All versions < V8.1), SIMATIC WinAC RTX 2010 (All versions < V2010 SP3), SIMATIC WinAC RTX F 2010 (All versions < V2010 SP3), SINUMERIK 828D (All versions < V4.7 SP6 HF1), SIPLUS ET 200S IM151-8 PN/DP CPU (All versions < V3.2.16), SIPLUS ET 200S IM151-8F PN/DP CPU (All versions < V3.2.16), SIPLUS NET CP 443-1 (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (All versions < V3.3), SIPLUS S7-300 CPU 314C-2 PN/DP (All versions < V3.3.16), SIPLUS S7-300 CPU 315-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 315F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317-2 PN/DP (All versions < V3.2.16), SIPLUS S7-300 CPU 317F-2 PN/DP (All versions < V3.2.16), SIPLUS S7-400 CPU 414-3 PN/DP V7 (All versions < V7.0.3), SIPLUS S7-400 CPU 416-3 PN/DP V7 (All versions < V7.0.3), Softnet PROFINET IO for PC-based Windows systems (All versions). Responding to a PROFINET DCP request with a specially crafted PROFINET DCP packet could cause a denial of service condition of the requesting system.\r\n\r\nThe security vulnerability could be exploited by an attacker located on the same Ethernet segment (OSI Layer 2) as the targeted device. A manual restart is required to recover the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-4843 |
CVE-2021-28363 | The urllib3 library 1.26.x before 1.26.4 for Python omits SSL certificate validation in some cases involving HTTPS to HTTPS proxies. The initial connection to the HTTPS proxy (if an SSLContext isn't given via proxy_config) doesn't verify the hostname of the certificate. This means certificates for different servers that still validate properly with the default urllib3 SSLContext will be silently accepted. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28363 |
CVE-2022-0108 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0108 |
CVE-2022-2928 | In ISC DHCP 4.4.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1, when the function option_code_hash_lookup() is called from add_option(), it increases the option's refcount field. However, there is not a corresponding call to option_dereference() to decrement the refcount field. The function add_option() is only used in server responses to lease query packets. Each lease query response calls this function for several options, so eventually, the reference counters could overflow and cause the server to abort. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2928 |
CVE-2022-2929 | In ISC DHCP 1.0 -> 4.4.3, ISC DHCP 4.1-ESV-R1 -> 4.1-ESV-R16-P1 a system with access to a DHCP server, sending DHCP packets crafted to include fqdn labels longer than 63 bytes, could eventually cause the server to run out of memory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2929 |
CVE-2022-42010 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message with certain invalid type signatures. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42010 |
CVE-2022-42011 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash when receiving a message where an array length is inconsistent with the size of the element type. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42011 |
CVE-2022-42012 | An issue was discovered in D-Bus before 1.12.24, 1.13.x and 1.14.x before 1.14.4, and 1.15.x before 1.15.2. An authenticated attacker can cause dbus-daemon and other programs that use libdbus to crash by sending a message with attached file descriptors in an unexpected format. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42012 |
CVE-2022-3957 | A vulnerability classified as problematic was found in GPAC. Affected by this vulnerability is the function svg_parse_preserveaspectratio of the file scenegraph/svg_attributes.c of the component SVG Parser. The manipulation leads to memory leak. The attack can be launched remotely. The name of the patch is 2191e66aa7df750e8ef01781b1930bea87b713bb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213463. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3957 |
CVE-2022-4187 | Insufficient policy enforcement in DevTools in Google Chrome on Windows prior to 108.0.5359.71 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4187 |
CVE-2022-3643 | Guests can trigger NIC interface reset/abort/crash via netback It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux based network backend by sending certain kinds of packets. It appears to be an (unwritten?) assumption in the rest of the Linux network stack that packet protocol headers are all contained within the linear section of the SKB and some NICs behave badly if this is not the case. This has been reported to occur with Cisco (enic) and Broadcom NetXtrem II BCM5780 (bnx2x) though it may be an issue with other NICs/drivers as well. In case the frontend is sending requests with split headers, netback will forward those violating above mentioned assumption to the networking core, resulting in said misbehavior. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3643 |
CVE-2022-46875 | The executable file warning was not presented when downloading .atloc and .ftploc files, which can run commands on a user's computer. <br>*Note: This issue only affected Mac OS operating systems. Other operating systems are unaffected.*. This vulnerability affects Firefox < 108, Firefox ESR < 102.6, and Thunderbird < 102.6. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46875 |
CVE-2022-46880 | A missing check related to tex units could have led to a use-after-free and potentially exploitable crash.<br />*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 105. This vulnerability affects Firefox ESR < 102.6, Firefox < 105, and Thunderbird < 102.6. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46880 |
CVE-2023-0130 | Inappropriate implementation in in Fullscreen API in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0130 |
CVE-2023-0131 | Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0131 |
CVE-2023-0132 | Inappropriate implementation in in Permission prompts in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to force acceptance of a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0132 |
CVE-2023-0133 | Inappropriate implementation in in Permission prompts in Google Chrome on Android prior to 109.0.5414.74 allowed a remote attacker to bypass main origin permission delegation via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0133 |
CVE-2023-0139 | Insufficient validation of untrusted input in Downloads in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass download restrictions via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0139 |
CVE-2023-0140 | Inappropriate implementation in in File System API in Google Chrome on Windows prior to 109.0.5414.74 allowed a remote attacker to bypass file system restrictions via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0140 |
CVE-2023-23589 | The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23589 |
CVE-2023-21719 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21719 |
CVE-2023-24857 | Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24857 |
CVE-2023-30456 | An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30456 |
CVE-2023-22950 | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. Data loading jobs in gsql_server, created by any user with designer permissions, can read sensitive data from arbitrary locations. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22950 |
CVE-2021-38364 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of flow rules installed by intents. A remote attacker can install or remove a new intent, and consequently modify or delete the existing flow rules related to other intents. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-38364 |
CVE-2022-24109 | An issue was discovered in ONOS 2.5.1. To attack an intent installed by a normal user, a remote attacker can install a duplicate intent with a different key, and then remove the duplicate one. This will remove the flow rules of the intent, even though the intent still exists in the controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24109 |
CVE-2023-28459 | pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Users were able to upload crafted HTML documents that trigger the reading of arbitrary files. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28459 |
CVE-2023-27353 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the msprox endpoint. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19846. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27353 |
CVE-2023-27354 | This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos One Speaker 70.3-35220. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of the SMB directory query command. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19727. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27354 |
CVE-2023-29020 | @fastify/passport is a port of passport authentication library for the Fastify ecosystem. The CSRF (Cross-Site Request Forger) protection enforced by the `@fastify/csrf-protection` library, when combined with `@fastify/passport` in affected versions, can be bypassed by network and same-site attackers. `fastify/csrf-protection` implements the synchronizer token pattern (using plugins `@fastify/session` and `@fastify/secure-session`) by storing a random value used for CSRF token generation in the `_csrf` attribute of a user's session. The `@fastify/passport` library does not clear the session object upon authentication, preserving the `_csrf` attribute between pre-login and authenticated sessions. Consequently, CSRF tokens generated before authentication are still valid. Network and same-site attackers can thus obtain a CSRF token for their pre-session, fixate that pre-session in the victim's browser via cookie tossing, and then perform a CSRF attack after the victim authenticates. As a solution, newer versions of `@fastify/passport` include the configuration options: `clearSessionOnLogin (default: true)` and `clearSessionIgnoreFields (default: ['passport', 'session'])` to clear all the session attributes by default, preserving those explicitly defined in `clearSessionIgnoreFields`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29020 |
CVE-2023-22918 | A post-authentication information exposure vulnerability in the CGI program of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, VPN series firmware versions 4.30 through 5.35, NWA110AX firmware version 6.50(ABTG.2) and earlier versions, WAC500 firmware version 6.50(ABVS.0) and earlier versions, and WAX510D firmware version 6.50(ABTF.2) and earlier versions, which could allow a remote authenticated attacker to retrieve encrypted information of the administrator on an affected device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22918 |
CVE-2023-1623 | The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1623 |
CVE-2023-1624 | The WPCode WordPress plugin before 2.0.9 has a flawed CSRF when deleting log, and does not ensure that the file to be deleted is inside the expected folder. This could allow attackers to make users with the wpcode_activate_snippets capability delete arbitrary log files on the server, including outside of the blog folders | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1624 |
CVE-2023-29530 | Laminas Diactoros provides PSR HTTP Message implementations. In versions 2.18.0 and prior, 2.19.0, 2.20.0, 2.21.0, 2.22.0, 2.23.0, 2.24.0, and 2.25.0, users who create HTTP requests or responses using laminas/laminas-diactoros, when providing a newline at the start or end of a header key or value, can cause an invalid message. This can lead to denial of service vectors or application errors. The problem has been patched in following versions 2.18.1, 2.19.1, 2.20.1, 2.21.1, 2.22.1, 2.23.1, 2.24.1, and 2.25.1. As a workaround, validate HTTP header keys and/or values, and if using user-supplied values, filter them to strip off leading or trailing newline characters before calling `withHeader()`. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29530 |
CVE-2023-28484 | In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28484 |
CVE-2023-29469 | An issue was discovered in libxml2 before 2.10.4. When hashing empty dict strings in a crafted XML document, xmlDictComputeFastKey in dict.c can produce non-deterministic values, leading to various logic and memory errors, such as a double free. This behavior occurs because there is an attempt to use the first byte of an empty string, and any value is possible (not solely the '\\0' value). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29469 |
CVE-2023-26057 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26057 |
CVE-2023-26058 | An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26058 |
CVE-2023-23838 | Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23838 |
CVE-2023-29200 | Contao is an open source content management system. Prior to versions 4.9.40, 4.13.21, and 5.1.4, logged in users can list arbitrary system files in the file manager by manipulating the Ajax request. However, it is not possible to read the contents of these files. Users should update to Contao 4.9.40, 4.13.21 or 5.1.4 to receive a patch. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29200 |
CVE-2023-30545 | PrestaShop is an Open Source e-commerce web application. Prior to versions 8.0.4 and 1.7.8.9, it is possible for a user with access to the SQL Manager (Advanced Options -> Database) to arbitrarily read any file on the operating system when using SQL function `LOAD_FILE` in a `SELECT` request. This gives the user access to critical information. A patch is available in PrestaShop 8.0.4 and PS 1.7.8.9\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30545 |
CVE-2021-23176 | Improper access control in reporting engine of l10n_fr_fec module in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote authenticated users to extract accounting information via crafted RPC packets. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-23176 |
CVE-2022-40723 | The PingID RADIUS PCV adapter for PingFederate, which supports RADIUS authentication with PingID MFA, is vulnerable to MFA bypass under certain configurations. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-40723 |
CVE-2023-2282 | Improper access control in the Web Login listener in Devolutions Remote Desktop Manager 2023.1.22 and earlier on Windows allows an authenticated user to bypass administrator-enforced Web Login restrictions and gain access to entries via an unexpected vector.\n | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2282 |
CVE-2023-23839 | The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23839 |
CVE-2023-24512 | On affected platforms running Arista EOS, an authorized attacker with permissions to perform gNMI requests could craft a request allowing it to update arbitrary configurations in the switch. This situation occurs only when the Streaming Telemetry Agent (referred to as the TerminAttr agent) is enabled and gNMI access is configured on the agent. Note: This gNMI over the Streaming Telemetry Agent scenario is mostly commonly used when streaming to a 3rd party system and is not used by default when streaming to CloudVision | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24512 |
CVE-2023-26560 | Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26560 |
CVE-2023-30265 | CLTPHP <=6.0 is vulnerable to Directory Traversal. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30265 |
CVE-2022-25278 | Under certain circumstances, the Drupal core form API evaluates form element access incorrectly. This may lead to a user being able to alter data they should not have access to. No forms provided by Drupal core are known to be vulnerable. However, forms added through contributed or custom modules or themes may be affected. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25278 |
CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2307 |
CVE-2023-31250 | The file download facility doesn't sufficiently sanitize file paths in certain situations. This may result in users gaining access to private files that they should not have access to. Some sites may require configuration changes following this security release. Review the release notes for your Drupal version if you have issues accessing private files after updating. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31250 |
CVE-2023-30843 | Payload is a free and open source headless content management system. In versions prior to 1.7.0, if a user has access to documents that contain hidden fields or fields they do not have access to, the user could reverse-engineer those values via brute force. Version 1.7.0 contains a patch. As a workaround, write a `beforeOperation` hook to remove `where` queries that attempt to access hidden field data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30843 |
CVE-2023-2336 | Path Traversal in GitHub repository pimcore/pimcore prior to 10.5.21. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2336 |
CVE-2023-30444 | IBM Watson Machine Learning on Cloud Pak for Data 4.0 and 4.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 253350. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30444 |
CVE-2023-2380 | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227658 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2380 |
CVE-2023-26782 | An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26782 |
CVE-2023-29058 | A valid, authenticated XCC user with read-only permissions can modify custom user roles on other user accounts and the user trespass message through the XCC CLI. There is no exposure if SSH is disabled or if there are no users assigned optional read-only permissions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29058 |
CVE-2023-2408 | A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2408 |
CVE-2023-2409 | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2409 |
CVE-2023-2410 | A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2410 |
CVE-2023-2411 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2411 |
CVE-2023-2412 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2412 |
CVE-2023-2413 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2413 |
CVE-2023-22923 | A format string vulnerability in a binary of the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker to cause denial-of-service (DoS) conditions on an affected device. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22923 |
CVE-2023-26987 | An issue discovered in Konga 0.14.9 allows remote attackers to manipulate user accounts regardless of privilege via crafted POST request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26987 |
CVE-2023-1125 | The Ruby Help Desk WordPress plugin before 1.3.4 does not ensure that the ticket being modified belongs to the user making the request, allowing an attacker to close and/or add files and replies to tickets other than their own. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1125 |
CVE-2023-2459 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2459 |
CVE-2023-0485 | An issue has been discovered in GitLab affecting all versions starting from 13.11 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. It was possible that a project member demoted to a user role to read project updates by doing a diff with a pre-existing fork. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0485 |
CVE-2023-1965 | An issue has been discovered in GitLab EE affecting all versions starting from 14.2 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Lack of verification on RelayState parameter allowed a maliciously crafted URL to obtain access tokens granted for 3rd party Group SAML SSO logins. This feature isn't enabled by default. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1965 |
CVE-2023-24944 | Windows Bluetooth Driver Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24944 |
CVE-2023-24950 | Microsoft SharePoint Server Spoofing Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24950 |
CVE-2023-24954 | Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24954 |
CVE-2023-29324 | Windows MSHTML Platform Security Feature Bypass Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29324 |
CVE-2023-30772 | The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30772 |
CVE-2023-1611 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1611 |
CVE-2023-1855 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1855 |
CVE-2023-29002 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. When run in debug mode, Cilium will log the contents of the `cilium-secrets` namespace. This could include data such as TLS private keys for Ingress and GatewayAPI resources. An attacker with access to debug output from the Cilium containers could use the resulting output to intercept and modify traffic to and from the affected cluster. Output of the sensitive information would occur at Cilium agent restart, when secrets in the namespace are modified, and on creation of Ingress or GatewayAPI resources. This vulnerability is fixed in Cilium releases 1.11.16, 1.12.9, and 1.13.2. Users unable to upgrade should disable debug mode. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29002 |
CVE-2022-38730 | Docker Desktop for Windows before 4.6 allows attackers to overwrite any file through the windowscontainers/start dockerBackendV2 API by controlling the data-root field inside the DaemonJSON field in the WindowsContainerStartRequest class. This allows exploiting a symlink vulnerability in ..\\dataRoot\\network\\files\\local-kv.db because of a TOCTOU race condition. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-38730 |
CVE-2021-3654 | A vulnerability was found in openstack-nova's console proxy, noVNC. By crafting a malicious URL, noVNC could be made to redirect to any desired URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3654 |
CVE-2022-25772 | A cross-site scripting (XSS) vulnerability in the web tracking component of Mautic before 4.3.0 allows remote attackers to inject executable javascript | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25772 |
CVE-2023-26100 | In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26100 |
CVE-2023-2220 | A vulnerability was found in Dream Technology mica up to 3.0.5. It has been classified as problematic. Affected is an unknown function of the component Form Object Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-226986 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2220 |
CVE-2022-48150 | Shopware v5.5.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the recovery/install/ URI. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48150 |
CVE-2023-26494 | lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix.\n\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26494 |
CVE-2012-10013 | A vulnerability was found in Kau-Boy Backend Localization Plugin up to 1.6.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the file backend_localization.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 43dc96defd7944da12ff116476a6890acd7dd24b. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227231. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10013 |
CVE-2012-10014 | A vulnerability classified as problematic has been found in Kau-Boy Backend Localization Plugin 2.0 on WordPress. Affected is the function backend_localization_admin_settings/backend_localization_save_setting/backend_localization_login_form/localize_backend of the file backend_localization.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.1 is able to address this issue. The name of the patch is 36f457ee16dd114e510fd91a3ea9fbb3c1f87184. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227232. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-10014 |
CVE-2022-28354 | In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28354 |
CVE-2023-25314 | Cross Site Scripting (XSS) vulnerability in World Wide Broadcast Network AVideo before 12.4, allows attackers to gain sensitive information via the success parameter to /user. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25314 |
CVE-2023-30177 | CraftCMS 3.7.59 is vulnerable Cross Site Scripting (XSS). An attacker can inject javascript code into Volume Name. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30177 |
CVE-2021-26263 | Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26263 |
CVE-2021-26947 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via a crafted link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-26947 |
CVE-2021-44775 | Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44775 |
CVE-2021-45071 | Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-45071 |
CVE-2022-40725 | PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-40725 |
CVE-2012-5873 | ARC (aka ARC2) through 2011-12-01 allows reflected XSS via the end_point.php query parameter in an output=htmltab action. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2012-5873 |
CVE-2023-30106 | Sourcecodester Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS) via page=about. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30106 |
CVE-2023-30111 | Medicine Tracker System in PHP 1.0.0 is vulnerable to Cross Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30111 |
CVE-2023-2294 | A vulnerability was found in UCMS 1.6.0. It has been classified as problematic. This affects an unknown part of the file saddpost.php of the component Column Configuration. The manipulation of the argument strorder leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227481 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2294 |
CVE-2023-30267 | CLTPHP <=6.0 is vulnerable to Cross Site Scripting (XSS) via application/home/controller/Changyan.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30267 |
CVE-2022-25276 | The Media oEmbed iframe route does not properly validate the iframe domain setting, which allows embeds to be displayed in the context of the primary domain. Under certain circumstances, this could lead to cross-site scripting, leaked cookies, or other vulnerabilities. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25276 |
CVE-2023-22729 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-22729 |
CVE-2023-30210 | OURPHP <= 7.2.0 is vulnerable to Cross Site Scripting (XSS) via ourphp_tz.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30210 |
CVE-2023-30212 | OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30212 |
CVE-2023-29836 | Cross Site Scripting vulnerability found in Exelysis Unified Communication Solutions (EUCS) v.1.0 allows a remote attacker to execute arbitrary code via the Username parameter of the eucsAdmin login form. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29836 |
CVE-2023-29442 | Zoho ManageEngine Applications Manager through 16390 allows DOM XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29442 |
CVE-2023-25292 | Reflected Cross Site Scripting (XSS) in Intermesh BV Group-Office version 6.6.145, allows attackers to gain escalated privileges and gain sensitive information via the GO_LANGUAGE cookie. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25292 |
CVE-2023-31285 | An XSS issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When users upload temporary files, some specific file endings are not allowed, but it is possible to upload .html or .htm files containing an XSS payload. The resulting link can be sent to an administrator user. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31285 |
CVE-2023-24966 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246904. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24966 |
CVE-2023-2341 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2341 |
CVE-2023-28286 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28286 |
CVE-2023-29489 | An issue was discovered in cPanel before 11.109.9999.116. XSS can occur on the cpsrvd error page via an invalid webcall ID, aka SEC-669. The fixed versions are 11.109.9999.116, 11.108.0.13, 11.106.0.18, and 11.102.0.31. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29489 |
CVE-2023-28475 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Reflected XSS on the Reply form because msgID was not sanitized. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28475 |
CVE-2023-30125 | EyouCms V1.6.1-UTF8-sp1 is vulnerable to Cross Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30125 |
CVE-2023-30454 | An issue was discovered in ebankIT before 7. Document Object Model based XSS exists within the /Security/Transactions/Transactions.aspx endpoint. Users can supply their own JavaScript within the ctl100$ctl00MainContent$TransactionMainContent$accControl$hdnAccountsArray POST parameter that will be passed to an eval() function and executed upon pressing the continue button. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30454 |
CVE-2020-21643 | Cross Site Scripting (XSS) vulnerability in HongCMS 3.0 allows attackers to run arbitrary code via the callback parameter to /ajax/myshop. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-21643 |
CVE-2020-23647 | Cross Site Scripting (XSS) vulnerability in BoxBilling 4.19, 4.19.1, 4.20, and 4.21 allows remote attackers to run arbitrary code via the message field on the submit new ticket form. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-23647 |
CVE-2023-2395 | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2395 |
CVE-2023-2396 | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2396 |
CVE-2023-2421 | A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2/#/add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2421 |
CVE-2023-30792 | Anchor tag hrefs in Lexical prior to v0.10.0 would render javascript\: URLs, allowing for cross-site scripting on link clicks in cases where input was being parsed from untrusted sources. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30792 |
CVE-2015-10104 | A vulnerability, which was classified as problematic, has been found in Icons for Features Plugin 1.0.0 on WordPress. Affected by this issue is some unknown functionality of the file classes/class-icons-for-features-admin.php. The manipulation of the argument redirect_url leads to open redirect. The attack may be launched remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 63124c021ae24b68e56872530df26eb4268ad633. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227756. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-10104 |
CVE-2023-29637 | Cross Site Scripting (XSS) vulnerability in Qbian61 forum-java, allows attackers to inject arbitrary web script or HTML via editing the article content in the "article editor" page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29637 |
CVE-2023-29641 | Cross Site Scripting (XSS) vulnerability in pandao editor.md thru 1.5.0 allows attackers to inject arbitrary web script or HTML via crafted markdown text. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-29641 |
CVE-2013-10026 | A vulnerability, which was classified as problematic, has been found in Mail Subscribe List Plugin up to 2.0.10 on WordPress. This issue affects some unknown processing of the file index.php. The manipulation of the argument sml_name/sml_email leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.1 is able to address this issue. The name of the patch is 484970ef8285cae51d2de3bd4e4684d33c956c28. It is recommended to upgrade the affected component. The identifier VDB-227765 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2013-10026 |
CVE-2014-125100 | A vulnerability classified as problematic was found in BestWebSoft Job Board Plugin 1.0.0 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is dbb71deee071422ce3e663fbcdce3ad24886f940. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-227764. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2014-125100 |
CVE-2023-1546 | The MyCryptoCheckout WordPress plugin before 2.124 does not escape some URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1546 |
CVE-2023-1804 | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the edit parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1804 |
CVE-2023-1805 | The Product Catalog Feed by PixelYourSite WordPress plugin before 2.1.1 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1805 |
CVE-2023-2477 | A vulnerability was found in Funadmin up to 3.2.3. It has been declared as problematic. Affected by this vulnerability is the function tagLoad of the file Cx.php. The manipulation of the argument file leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227869 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2477 |
CVE-2023-23830 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23830 |
CVE-2023-25961 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Catch Themes Darcie theme <= 1.1.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25961 |
CVE-2023-25829 | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25829 |
CVE-2023-25830 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25830 |
CVE-2023-25831 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.\n | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25831 |
CVE-2023-20870 | VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20870 |
CVE-2023-29104 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to overwrite any file the Linux user `ccuser` has write access to, or to download any file the Linux user `ccuser` has read-only access to. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-29104 |
CVE-2023-28828 | A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-28828 |
CVE-2023-25930 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.1, 11.1, and 11.5 is vulnerable to a denial of service. Under rare conditions, setting a special register may cause the Db2 server to terminate abnormally. IBM X-Force ID: 247862. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25930 |
CVE-2023-29056 | A valid LDAP user, under specific conditions, will default to read-only permissions when authenticating into XCC. To be vulnerable, XCC must be configured to use an LDAP server for Authentication/Authorization and have the login permission attribute not defined. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29056 |
CVE-2023-31485 | GitLab::API::v4 through 0.26 does not verify TLS certificates when connecting to a GitLab server, enabling machine-in-the-middle attacks. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-31485 |
CVE-2023-2418 | A vulnerability was found in Konga 2.8.3 on Kong. It has been classified as problematic. This affects an unknown part of the component Login API. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The associated identifier of this vulnerability is VDB-227715. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-2418 |
CVE-2023-22372 | \nIn the pre connection stage, an improper enforcement of message integrity vulnerability exists in BIG-IP Edge Client for Windows and Mac OS. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22372 |
CVE-2023-29105 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device is vulnerable to a denial of service while parsing a random (non-JSON) MQTT payload. This could allow an attacker who can manipulate the communication between the MQTT broker and the affected device to cause a denial of service (DoS). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29105 |
CVE-2023-24900 | Windows NTLM Security Support Provider Information Disclosure Vulnerability | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-24900 |
CVE-2022-40722 | A misconfiguration of RSA padding implemented in the PingID Adapter for PingFederate to support Offline MFA with PingID mobile authenticators is vulnerable to pre-computed dictionary attacks, leading to a bypass of offline MFA. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40722 |
CVE-2023-29680 | Cleartext Transmission in set-cookie:ecos_pw: Tenda N301 v6.0, Firmware v12.02.01.61_multi allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29680 |
CVE-2023-29681 | Cleartext Transmission in cookie:ecos_pw: in Tenda N301 v6.0, firmware v12.03.01.06_pt allows an authenticated attacker on the LAN or WLAN to intercept communications with the router and obtain the password. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29681 |
CVE-2023-1178 | An issue has been discovered in GitLab CE/EE affecting all versions from 8.6 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. File integrity may be compromised when source code or installation packages are pulled from a tag or from a release containing a ref to another commit. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1178 |
CVE-2023-1998 | The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.\n\nThis happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.\n\n\n | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-1998 |
CVE-2020-23930 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function nhmldump_send_header located in write_nhml.c. It allows an attacker to cause Denial of Service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-23930 |
CVE-2021-37231 | A stack-buffer-overflow occurs in Atomicparsley 20210124.204813.840499f through APar_readX() in src/util.cpp while parsing a crafted mp4 file because of the missing boundary check. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-37231 |
CVE-2021-32269 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function ilst_item_box_dump located in box_dump.c. It allows an attacker to cause Denial of Service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32269 |
CVE-2021-32270 | An issue was discovered in gpac through 20200801. A NULL pointer dereference exists in the function vwid_box_del located in box_code_base.c. It allows an attacker to cause Denial of Service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32270 |
CVE-2021-44647 | Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44647 |
CVE-2022-24249 | A Null Pointer Dereference vulnerability exists in GPAC 1.1.0 via the xtra_box_write function in /box_code_base.c, which causes a Denial of Service. This vulnerability was fixed in commit 71f9871. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24249 |
CVE-2022-27145 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a stack-overflow vulnerability in function gf_isom_get_sample_for_movie_time of mp4box. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27145 |
CVE-2022-27146 | GPAC mp4box 1.1.0-DEV-rev1759-geb2d1e6dd-has a heap-buffer-overflow vulnerability in function gf_isom_apple_enum_tag. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27146 |
CVE-2022-27147 | GPAC mp4box 1.1.0-DEV-rev1727-g8be34973d-master has a use-after-free vulnerability in function gf_node_get_attribute_by_tag. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27147 |
CVE-2022-27148 | GPAC mp4box 1.1.0-DEV-rev1663-g881c6a94a-master is vulnerable to Integer Overflow. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27148 |
CVE-2022-1420 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 8.2.4774. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1420 |
CVE-2022-1674 | NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 in GitHub repository vim/vim prior to 8.2.4938. NULL Pointer Dereference in function vim_regexec_string at regexp.c:2733 allows attackers to cause a denial of service (application crash) via a crafted input. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1674 |
CVE-2022-1771 | Uncontrolled Recursion in GitHub repository vim/vim prior to 8.2.4975. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1771 |
CVE-2022-2208 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.5163. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2208 |
CVE-2022-2231 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2231 |
CVE-2022-36191 | A heap-buffer-overflow had occurred in function gf_isom_dovi_config_get of isomedia/avc_ext.c:2490, as demonstrated by MP4Box. This vulnerability was fixed in commit fef6242. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36191 |
CVE-2022-2874 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0224. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2874 |
CVE-2022-2873 | An out-of-bounds memory access flaw was found in the Linux kernel Intel’s iSMT SMBus host controller driver in the way a user triggers the I2C_SMBUS_BLOCK_DATA (with the ioctl I2C_SMBUS) with malicious input data. This flaw allows a local user to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2873 |
CVE-2022-2923 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0240. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2923 |
CVE-2021-3997 | A flaw was found in systemd. An uncontrolled recursion in systemd-tmpfiles may lead to a denial of service at boot time when too many nested directories are created in /tmp. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3997 |
CVE-2022-2980 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0259. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2980 |
CVE-2022-3153 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0404. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3153 |
CVE-2022-36280 | An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36280 |
CVE-2022-41218 | In drivers/media/dvb-core/dmxdev.c in the Linux kernel through 5.19.10, there is a use-after-free caused by refcount races, affecting dvb_demux_open and dvb_dmxdev_release. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41218 |
CVE-2022-3278 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.0552. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3278 |
CVE-2022-1725 | NULL Pointer Dereference in GitHub repository vim/vim prior to 8.2.4959. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1725 |
CVE-2022-43039 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_meta_restore_items_ref at /isomedia/meta.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43039 |
CVE-2022-43043 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function BD_CheckSFTimeOffset at /bifs/field_decode.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43043 |
CVE-2022-43044 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_isom_get_meta_item_info at /isomedia/meta.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43044 |
CVE-2022-43045 | GPAC 2.1-DEV-rev368-gfd054169b-master was discovered to contain a segmentation violation via the function gf_dump_vrml_sffield at /scene_manager/scene_dump.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43045 |
CVE-2022-43254 | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_list_new at utils/list.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43254 |
CVE-2022-43255 | GPAC v2.1-DEV-rev368-gfd054169b-master was discovered to contain a memory leak via the component gf_odf_new_iod at odf/odf_code.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43255 |
CVE-2022-3821 | An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3821 |
CVE-2022-4129 | A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4129 |
CVE-2022-45204 | GPAC v2.1-DEV-rev428-gcb8ae46c8-master was discovered to contain a memory leak via the function dimC_box_read at isomedia/box_code_3gpp.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45204 |
CVE-2022-4293 | Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4293 |
CVE-2021-44694 | A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44694 |
CVE-2022-46489 | GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the gf_isom_box_parse_ex function at box_funcs.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46489 |
CVE-2022-46490 | GPAC version 2.1-DEV-rev505-gb9577e6ad-master was discovered to contain a memory leak via the afrt_box_read function at box_code_adobe.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46490 |
CVE-2022-47086 | GPAC MP4Box v2.1-DEV-rev574-g9d5bb184b contains a segmentation violation via the function gf_sm_load_init_swf at scene_manager/swf_parse.c | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47086 |
CVE-2022-47662 | GPAC MP4Box 2.1-DEV-rev649-ga8f438d20 has a segment fault (/stack overflow) due to infinite recursion in Media_GetSample isomedia/media.c:662 | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47662 |
CVE-2023-23454 | cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23454 |
CVE-2023-23455 | atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23455 |
CVE-2022-47929 | In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with "tc qdisc" and "tc class" commands. This affects qdisc_graft in net/sched/sch_api.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47929 |
CVE-2023-0394 | A NULL pointer dereference flaw was found in rawv6_push_pending_frames in net/ipv6/raw.c in the network subcomponent in the Linux kernel. This flaw causes the system to crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0394 |
CVE-2023-22998 | In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22998 |
CVE-2023-23004 | In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23004 |
CVE-2022-3707 | A double-free memory flaw was found in the Linux kernel. The Intel GVT-g graphics driver triggers VGA card system resource overload, causing a fail in the intel_gvt_dma_map_guest_page function. This issue could allow a local user to crash the system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3707 |
CVE-2023-1074 | A memory leak flaw was found in the Linux kernel's Stream Control Transmission Protocol. This issue may occur when a user starts a malicious networking service and someone connects to this service. This could allow a local user to starve resources, causing a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1074 |
CVE-2023-1076 | A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1076 |
CVE-2022-46703 | A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.7.2 and iPadOS 15.7.2, macOS Ventura 13.1, iOS 16.2 and iPadOS 16.2. An app may be able to read sensitive location information | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46703 |
CVE-2023-2162 | A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2162 |
CVE-2021-3429 | When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-3429 |
CVE-2023-28328 | A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28328 |
CVE-2023-29579 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the component yasm/yasm+0x43b466 in vsprintf. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29579 |
CVE-2023-29582 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr1 at /nasm/nasm-parse.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29582 |
CVE-2023-29583 | yasm 1.3.0.55.g101bc was discovered to contain a stack overflow via the function parse_expr5 at /nasm/nasm-parse.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29583 |
CVE-2023-26097 | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be blocked. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26097 |
CVE-2023-30406 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component ecma_find_named_property at /base/ecma-helpers.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30406 |
CVE-2023-30408 | Jerryscript commit 1a2c047 was discovered to contain a segmentation violation via the component build/bin/jerry. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30408 |
CVE-2023-30410 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component ecma_op_function_construct at /operations/ecma-function-object.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30410 |
CVE-2023-30414 | Jerryscript commit 1a2c047 was discovered to contain a stack overflow via the component vm_loop at /jerry-core/vm/vm.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30414 |
CVE-2023-30402 | YASM v1.3.0 was discovered to contain a heap overflow via the function handle_dot_label at /nasm/nasm-token.re. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30402 |
CVE-2023-28086 | An HPE OneView appliance dump may expose proxy credential settings | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28086 |
CVE-2023-28087 | An HPE OneView appliance dump may expose OneView user accounts | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28087 |
CVE-2023-28090 | An HPE OneView appliance dump may expose SNMPv3 read credentials | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28090 |
CVE-2023-28084 | HPE OneView and HPE OneView Global Dashboard appliance dumps may expose authentication tokens | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28084 |
CVE-2023-2269 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2269 |
CVE-2023-26930 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26930 |
CVE-2023-26931 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the TextOutputDev.cc function. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26931 |
CVE-2023-26934 | An issue found in XPDF v.4.04 allows an attacker to cause a denial of service via a crafted pdf file in the object.cc parameter. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26934 |
CVE-2023-26935 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via SharedFile::readBlock at /xpdf/Stream.cc. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26935 |
CVE-2023-26936 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via gmalloc in gmem.cc | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26936 |
CVE-2023-26937 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via GString::resize located in goo/GString.cc | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26937 |
CVE-2023-26938 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service viaSharedFile::readBlock located in goo/gfile.cc. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26938 |
CVE-2023-30841 | Baremetal Operator (BMO) is a bare metal host provisioning integration for Kubernetes. Prior to version 0.3.0, ironic and ironic-inspector deployed within Baremetal Operator using the included `deploy.sh` store their `.htpasswd` files as ConfigMaps instead of Secrets. This causes the plain-text username and hashed password to be readable by anyone having a cluster-wide read-access to the management cluster, or access to the management cluster's Etcd storage. This issue is patched in baremetal-operator PR#1241, and is included in BMO release 0.3.0 onwards. As a workaround, users may modify the kustomizations and redeploy the BMO, or recreate the required ConfigMaps as Secrets per instructions in baremetal-operator PR#1241. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30841 |
CVE-2022-45876 | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.\n\n | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45876 |
CVE-2023-1786 | Sensitive data could be exposed in logs of cloud-init before version 23.1.2. An attacker could use this information to find hashed passwords and possibly escalate their privilege. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1786 |
CVE-2023-29950 | swfrender v0.9.2 was discovered to contain a heap buffer overflow in the function enumerateUsedIDs_fillstyle at modules/swftools.c | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29950 |
CVE-2023-29471 | Lightbend Alpakka Kafka before 5.0.0 logs its configuration as debug information, and thus log files may contain credentials (if plain cleartext login is configured). This occurs in akka.kafka.internal.KafkaConsumerActor. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29471 |
CVE-2023-2426 | Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2426 |
CVE-2022-33273 | Information disclosure due to buffer over-read in Trusted Execution Environment while QRKS report generation. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33273 |
CVE-2023-31207 | Transmission of credentials within query parameters in Checkmk <= 2.1.0p26, <= 2.0.0p35, and <= 2.2.0b6 (beta) may cause the automation user's secret to be written to the site Apache access log. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31207 |
CVE-2023-24945 | Windows iSCSI Target Service Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24945 |
CVE-2023-28251 | Windows Driver Revocation List Security Feature Bypass Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28251 |
CVE-2020-26298 | Redcarpet is a Ruby library for Markdown processing. In Redcarpet before version 3.5.1, there is an injection vulnerability which can enable a cross-site scripting attack. In affected versions no HTML escaping was being performed when processing quotes. This applies even when the `:escape_html` option was being used. This is fixed in version 3.5.1 by the referenced commit. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-26298 |
CVE-2022-26497 | BigBlueButton Greenlight 2.11.1 allows XSS. A threat actor could have a username containing a JavaScript payload. The payload gets executed in the browser of the victim in the "Share room access" dialog if the victim has shared access to the particular room with the attacker previously. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-26497 |
CVE-2023-26061 | An issue was discovered in Nokia NetAct before 22 FP2211. On the Scheduled Search tab under the Alarm Reports Dashboard page, users can create a script to inject XSS. Input validation was missing during creation of a scheduled task. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26061 |
CVE-2023-26059 | An issue was discovered in Nokia NetAct before 22 SP1037. On the Site Configuration Tool tab, attackers can upload a ZIP file which, when processed, exploits Stored XSS. The upload option of the Site Configuration tool does not validate the file contents. The application is in a demilitarised zone behind a perimeter firewall and without exposure to the internet. The attack can only be performed by an internal user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-26059 |
CVE-2023-0276 | The Weaver Xtreme Theme Support WordPress plugin before 6.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0276 |
CVE-2023-0418 | The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0418 |
CVE-2023-0424 | The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0424 |
CVE-2023-30627 | jellyfin-web is the web client for Jellyfin, a free-software media system. Starting in version 10.1.0 and prior to version 10.8.10, a stored cross-site scripting vulnerability in device.js can be used to make arbitrary calls to the `REST` endpoints with admin privileges. When combined with CVE-2023-30626, this results in remote code execution on the Jellyfin instance in the context of the user who's running it. This issue is patched in version 10.8.10. There are no known workarounds. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30627 |
CVE-2023-22665 | There is insufficient checking of user queries in Apache Jena versions 4.7.0 and earlier, when invoking custom scripts. It allows a remote user to execute arbitrary javascript via a SPARQL query. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22665 |
CVE-2023-30417 | A cross-site scripting (XSS) vulnerability in Pear-Admin-Boot up to v2.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title of a private message. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30417 |
CVE-2023-31223 | Dradis before 4.8.0 allows persistent XSS by authenticated author users, related to avatars. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31223 |
CVE-2022-25274 | Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have access to individual items of node and media content. This vulnerability only affects sites using Drupal's revision system. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-25274 |
CVE-2022-27979 | A cross-site scripting (XSS) vulnerability in ToolJet v1.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-27979 |
CVE-2023-2322 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2322 |
CVE-2023-2323 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2323 |
CVE-2023-2327 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2327 |
CVE-2023-2328 | Cross-site Scripting (XSS) - Generic in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2328 |
CVE-2023-2339 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2339 |
CVE-2023-2340 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2340 |
CVE-2023-2342 | Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2342 |
CVE-2023-2343 | Cross-site Scripting (XSS) - DOM in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2343 |
CVE-2023-30338 | Multiple stored cross-site scripting (XSS) vulnerabilities in Emlog Pro v2.0.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Article Title or Article Summary parameters. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30338 |
CVE-2023-2349 | A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2349 |
CVE-2023-2350 | A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2350 |
CVE-2023-2361 | Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.5.21. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2361 |
CVE-2023-2364 | A vulnerability, which was classified as problematic, was found in SourceCodester Resort Reservation System 1.0. Affected is an unknown function of the file registration.php. The manipulation of the argument fullname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227640. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2364 |
CVE-2023-28471 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28471 |
CVE-2023-28474 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Saved Presets on search. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28474 |
CVE-2023-28476 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS on Tags on uploaded files. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28476 |
CVE-2023-28477 | Concrete CMS (previously concrete5) before 9.2 is vulnerable to stored XSS on API Integrations via the name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28477 |
CVE-2023-28819 | Concrete CMS (previously concrete5) before 9.1 is vulnerable to Stored XSS in uploaded file and folder names. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28819 |
CVE-2023-28820 | Concrete CMS (previously concrete5) before 9.1 is vulnerable to stored XSS in RSS Displayer via the href attribute because the link element input was not sanitized. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28820 |
CVE-2023-30123 | wuzhicms v4.1.0 is vulnerable to Cross Site Scripting (XSS) in the Member Center, Account Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30123 |
CVE-2023-27864 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 249327. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27864 |
CVE-2023-30405 | A cross-site scripting (XSS) vulnerability in Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the wl_ssid parameter at /boafrm/formHomeWlanSetup. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30405 |
CVE-2022-43871 | IBM Financial Transaction Manager for SWIFT Services 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239707. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-43871 |
CVE-2023-2428 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2428 |
CVE-2022-45801 | Apache StreamPark 1.0.0 to 2.0.0 have a LDAP injection vulnerability.\nLDAP Injection is an attack used to exploit web based applications\nthat construct LDAP statements based on user input. When an\napplication fails to properly sanitize user input, it's possible to\nmodify LDAP statements through techniques similar to SQL Injection.\nLDAP injection attacks could result in the granting of permissions to\nunauthorized queries, and content modification inside the LDAP tree.\nThis risk may only occur when the user logs in with ldap, and the user\nname and password login will not be affected, Users of the affected\nversions should upgrade to Apache StreamPark 2.0.0 or later.\n\n\n\n\n\n\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45801 |
CVE-2023-29636 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via the "title" field in the "blog management" page due to the the default configuration not using MyBlogUtils.cleanString. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29636 |
CVE-2023-29639 | Cross site scripting (XSS) vulnerability in ZHENFENG13 My-Blog, allows attackers to inject arbitrary web script or HTML via editing an article in the "blog article" page due to the default configuration not utilizing MyBlogUtils.cleanString. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29639 |
CVE-2023-29643 | Cross Site Scripting (XSS) vulnerability in PerfreeBlog 3.1.2 allows attackers to execute arbitrary code via the Post function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29643 |
CVE-2023-0891 | The StagTools WordPress plugin before 2.3.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0891 |
CVE-2023-1861 | The Limit Login Attempts WordPress plugin through 1.7.2 does not sanitize and escape usernames when outputting them back in the logs dashboard, which could allow any authenticated users, such as subscriber to perform Stored Cross-Site Scripting attacks | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1861 |
CVE-2023-2000 | Mattermost Desktop App fails to validate a mattermost server redirection and navigates to an arbitrary website\n | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2000 |
CVE-2023-2475 | A vulnerability was found in Dromara J2eeFAST up to 2.6.0 and classified as problematic. This issue affects some unknown processing of the component System Message Handler. The manipulation of the argument ?? leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-227867. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2475 |
CVE-2023-2476 | A vulnerability was found in Dromara J2eeFAST up to 2.6.0. It has been classified as problematic. Affected is an unknown function of the component Announcement Handler. The manipulation of the argument ????/???? leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 7a9e1a00e3329fdc0ae05f7a8257cce77037134d. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-227868. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2476 |
CVE-2023-29918 | RosarioSIS 10.8.4 is vulnerable to CSV injection via the Periods Module. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29918 |
CVE-2022-47877 | A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-47877 |
CVE-2023-29839 | A Stored Cross Site Scripting (XSS) vulnerability exists in multiple pages of Hotel Druid version 3.0.4, which allows arbitrary execution of commands. The vulnerable fields are Surname, Name, and Nickname in the Document function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29839 |
CVE-2023-22713 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in WordPress Download Manager Gutenberg Blocks by WordPress Download Manager plugin <= 2.1.8 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-22713 |
CVE-2023-25798 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Olevmedia Olevmedia Shortcodes plugin <= 1.1.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25798 |
CVE-2023-23708 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Themeisle Visualizer: Tables and Charts Manager for WordPress plugin <= 3.9.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23708 |
CVE-2023-23820 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ProfilePress Membership Team ProfilePress plugin <= 4.5.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23820 |
CVE-2023-23874 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Metaphor Creations Ditty plugin <= 3.0.32 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23874 |
CVE-2023-23876 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TMS-Plugins wpDataTables plugin <= 2.1.49 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23876 |
CVE-2023-29240 | \nAn authenticated attacker granted a Viewer or Auditor role on a BIG-IQ can upload arbitrary files using an undisclosed iControl REST endpoint. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29240 |
CVE-2023-0155 | An issue has been discovered in GitLab CE/EE affecting all versions before 15.8.5, 15.9.4, 15.10.1. Open redirects was possible due to framing arbitrary content on any page allowing user controlled markdown | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0155 |
CVE-2023-1836 | A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. When viewing an XML file in a repository in "raw" mode, it can be made to render as HTML if viewed under specific circumstances | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1836 |
CVE-2023-27075 | A cross-site scripting vulnerability (XSS) in the component microbin/src/pasta.rs of Microbin v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27075 |
CVE-2022-45818 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate plugin <= 1.3.4 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45818 |
CVE-2023-25982 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Eirudo Simple YouTube Responsive plugin <= 2.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-25982 |
CVE-2017-9947 | A vulnerability has been identified in Siemens APOGEE PXC and TALON TC BACnet Automation Controllers in all versions <V3.5. A directory traversal vulnerability could allow a remote attacker with network access to the integrated web server (80/tcp and 443/tcp) to obtain information on the structure of the file system of the affected devices. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2017-9947 |
CVE-2022-45044 | A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.50), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions < V9.50), SIPROTEC 5 6MD86 (CP200) (All versions), SIPROTEC 5 6MD86 (CP300) (All versions < V9.50), SIPROTEC 5 6MD89 (CP300) (All versions), SIPROTEC 5 6MU85 (CP300) (All versions < V9.50), SIPROTEC 5 7KE85 (CP200) (All versions), SIPROTEC 5 7KE85 (CP300) (All versions), SIPROTEC 5 7SA82 (CP100) (All versions), SIPROTEC 5 7SA82 (CP150) (All versions < V9.50), SIPROTEC 5 7SA84 (CP200) (All versions), SIPROTEC 5 7SA86 (CP200) (All versions), SIPROTEC 5 7SA86 (CP300) (All versions < V9.50), SIPROTEC 5 7SA87 (CP200) (All versions), SIPROTEC 5 7SA87 (CP300) (All versions < V9.50), SIPROTEC 5 7SD82 (CP100) (All versions), SIPROTEC 5 7SD82 (CP150) (All versions < V9.50), SIPROTEC 5 7SD84 (CP200) (All versions), SIPROTEC 5 7SD86 (CP200) (All versions), SIPROTEC 5 7SD86 (CP300) (All versions < V9.50), SIPROTEC 5 7SD87 (CP200) (All versions), SIPROTEC 5 7SD87 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ81 (CP100) (All versions), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ82 (CP100) (All versions), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.50), SIPROTEC 5 7SJ85 (CP200) (All versions), SIPROTEC 5 7SJ85 (CP300) (All versions < V9.50), SIPROTEC 5 7SJ86 (CP200) (All versions), SIPROTEC 5 7SJ86 (CP300) (All versions < V9.50), SIPROTEC 5 7SK82 (CP100) (All versions), SIPROTEC 5 7SK82 (CP150) (All versions < V9.50), SIPROTEC 5 7SK85 (CP200) (All versions), SIPROTEC 5 7SK85 (CP300) (All versions < V9.50), SIPROTEC 5 7SL82 (CP100) (All versions), SIPROTEC 5 7SL82 (CP150) (All versions < V9.50), SIPROTEC 5 7SL86 (CP200) (All versions), SIPROTEC 5 7SL86 (CP300) (All versions < V9.50), SIPROTEC 5 7SL87 (CP200) (All versions), SIPROTEC 5 7SL87 (CP300) (All versions < V9.50), SIPROTEC 5 7SS85 (CP200) (All versions), SIPROTEC 5 7SS85 (CP300) (All versions < V9.50), SIPROTEC 5 7ST85 (CP200) (All versions), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions), SIPROTEC 5 7SX82 (CP150) (All versions < V9.50), SIPROTEC 5 7SX85 (CP300) (All versions < V9.50), SIPROTEC 5 7UM85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT82 (CP100) (All versions), SIPROTEC 5 7UT82 (CP150) (All versions < V9.50), SIPROTEC 5 7UT85 (CP200) (All versions), SIPROTEC 5 7UT85 (CP300) (All versions < V9.50), SIPROTEC 5 7UT86 (CP200) (All versions), SIPROTEC 5 7UT86 (CP300) (All versions < V9.50), SIPROTEC 5 7UT87 (CP200) (All versions), SIPROTEC 5 7UT87 (CP300) (All versions < V9.50), SIPROTEC 5 7VE85 (CP300) (All versions < V9.50), SIPROTEC 5 7VK87 (CP200) (All versions), SIPROTEC 5 7VK87 (CP300) (All versions < V9.50), SIPROTEC 5 7VU85 (CP300) (All versions < V9.50), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BA-2EL (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions < V9.50 installed on CP150 and CP300 devices), SIPROTEC 5 Communication Module ETH-BB-2FO (All versions installed on CP100 and CP200 devices), SIPROTEC 5 Communication Module ETH-BD-2FO (All versions < V9.50), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.50). Affected devices do not properly restrict secure client-initiated renegotiations within the SSL and TLS protocols. This could allow an attacker to create a denial of service condition on the ports 443/tcp and 4443/tcp for the duration of the attack. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-45044 |
CVE-2022-29609 | An issue was discovered in ONOS 2.5.1. An intent with the same source and destination shows the INSTALLING state, indicating that its flow rules are installing. Improper handling of such an intent is misleading to a network operator. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29609 |
CVE-2022-29944 | An issue was discovered in ONOS 2.5.1. There is an incorrect comparison of paths installed by intents. An existing intents does not redirect to a new path, even if a new intent that shares the path with higher priority is installed. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-29944 |
CVE-2023-2226 | Due to insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows attacker to crash Velociraptor during parsing of maliciously malformed files. \n\nFor this attack to succeed, the attacker needs to be able to introduce malicious files to the system at the same time that Velociraptor attempts to collect any artifacts that attempt to parse PE files, Authenticode signatures, or OLE files. After crashing, the Velociraptor service will restart and it will still be possible to collect other artifacts.\n\n | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2226 |
CVE-2023-29479 | Ribose RNP before 0.16.3 may hang when the input is malformed. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29479 |
CVE-2022-40482 | The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\\Auth\\SessionGuard class when a user is found to not exist. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-40482 |
CVE-2023-31286 | An issue was discovered in Serenity Serene (and StartSharp) before 6.7.0. When a password reset request occurs, the server response leaks the existence of users. If one tries to reset a password of a non-existent user, an error message indicates that this user does not exist. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31286 |
CVE-2023-27860 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 could disclose sensitive information in an error message. This information could be used in further attacks against the system. IBM X-Force ID: 249207. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27860 |
CVE-2022-25091 | Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25091 |
CVE-2020-4729 | IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker under special circumstances to send multiple specially crafted API requests that could cause the application to crash. IBM X-Force ID: 188052. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-4729 |
CVE-2023-28472 | Concrete CMS (previously concrete5) before 9.2 does not have Secure and HTTP only attributes set for ccmPoll cookies. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28472 |
CVE-2023-28821 | Concrete CMS (previously concrete5) before 9.1 did not have a rate limit for password resets. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28821 |
CVE-2023-22503 | Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Information Disclosure vulnerability in the macro preview feature.\r\n\r\nThis vulnerability was reported by Rojan Rijal of the Tinder Security Engineering team.\r\n\r\nThe affected versions are before version 7.13.15, from version 7.14.0 before 7.19.7, and from version 7.20.0 before 8.2.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22503 |
CVE-2023-27108 | An issue was discovered in KaiOS 3.0. The pre-installed Communications application exposes a Web Activity that returns the user's call log without origin or permission checks. An attacker can inject a JavaScript payload that runs in a browser or app without user interaction or consent. This allows an attacker to send the user's call logs to a remote server via XMLHttpRequest or Fetch. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27108 |
CVE-2023-2247 | In affected versions of Octopus Deploy it is possible to unmask variable secrets using the variable preview function | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2247 |
CVE-2023-24594 | \nWhen an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. \n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24594 |
CVE-2023-29106 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint is accessible via REST API without authentication. This could allow an unauthenticated remote attacker to download the files available via the endpoint. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29106 |
CVE-2023-29107 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The export endpoint discloses some undocumented files. This could allow an unauthenticated remote attacker to gain access to additional information resources. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29107 |
CVE-2023-28290 | Microsoft Remote Desktop app for Windows Information Disclosure Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28290 |
CVE-2023-29772 | A Cross-site scripting (XSS) vulnerability in the System Log/General Log page of the administrator web UI in ASUS RT-AC51U wireless router firmware version up to and including 3.0.0.4.380.8591 allows remote attackers to inject arbitrary web script or HTML via a malicious network request. | 5.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29772 |
CVE-2023-29338 | Visual Studio Code Information Disclosure Vulnerability | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29338 |
CVE-2021-44693 | A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-44693 |
CVE-2021-44695 | A vulnerability has been identified in SIMATIC Drive Controller family, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants), SIMATIC S7-1200 CPU family (incl. SIPLUS variants), SIMATIC S7-1500 CPU 1510SP F-1 PN, SIMATIC S7-1500 CPU 1510SP-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511C-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511F-1 PN, SIMATIC S7-1500 CPU 1511T-1 PN, SIMATIC S7-1500 CPU 1511TF-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512C-1 PN, SIMATIC S7-1500 CPU 1512SP F-1 PN, SIMATIC S7-1500 CPU 1512SP-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513F-1 PN, SIMATIC S7-1500 CPU 1513R-1 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515F-2 PN, SIMATIC S7-1500 CPU 1515R-2 PN, SIMATIC S7-1500 CPU 1515T-2 PN, SIMATIC S7-1500 CPU 1515TF-2 PN, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516F-3 PN/DP, SIMATIC S7-1500 CPU 1516T-3 PN/DP, SIMATIC S7-1500 CPU 1516TF-3 PN/DP, SIMATIC S7-1500 CPU 1517-3 PN/DP, SIMATIC S7-1500 CPU 1517F-3 PN/DP, SIMATIC S7-1500 CPU 1517H-3 PN, SIMATIC S7-1500 CPU 1517T-3 PN/DP, SIMATIC S7-1500 CPU 1517TF-3 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP, SIMATIC S7-1500 CPU 1518-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518F-4 PN/DP, SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP, SIMATIC S7-1500 CPU 1518HF-4 PN, SIMATIC S7-1500 CPU 1518T-4 PN/DP, SIMATIC S7-1500 CPU 1518TF-4 PN/DP, SIMATIC S7-1500 CPU S7-1518-4 PN/DP ODK, SIMATIC S7-1500 CPU S7-1518F-4 PN/DP ODK, SIMATIC S7-1500 ET 200pro: CPU 1513PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1513PRO-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO F-2 PN, SIMATIC S7-1500 ET 200pro: CPU 1516PRO-2 PN, SIMATIC S7-1500 Software Controller, SIMATIC S7-PLCSIM Advanced, SIPLUS ET 200SP CPU 1510SP F-1 PN, SIPLUS ET 200SP CPU 1510SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1510SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP F-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS ET 200SP CPU 1512SP-1 PN RAIL, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN T1 RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511-1 PN TX RAIL, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1511F-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1513F-1 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN, SIPLUS S7-1500 CPU 1515F-2 PN RAIL, SIPLUS S7-1500 CPU 1515F-2 PN T2 RAIL, SIPLUS S7-1500 CPU 1515R-2 PN, SIPLUS S7-1500 CPU 1515R-2 PN TX RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP, SIPLUS S7-1500 CPU 1516-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516-3 PN/DP TX RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1516F-3 PN/DP RAIL, SIPLUS S7-1500 CPU 1517H-3 PN, SIPLUS S7-1500 CPU 1518-4 PN/DP, SIPLUS S7-1500 CPU 1518-4 PN/DP MFP, SIPLUS S7-1500 CPU 1518F-4 PN/DP, SIPLUS S7-1500 CPU 1518HF-4 PN, SIPLUS TIM 1531 IRC, TIM 1531 IRC. Affected devices don't process correctly certain special crafted packets sent to port 102/tcp, which could allow an attacker to cause a denial of service in the device. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-44695 |
CVE-2023-22948 | An issue was discovered in TigerGraph Enterprise Free Edition 3.x. There is unsecured read access to an SSH private key. Any code that runs as the tigergraph user is able to read the SSH private key. With this, an attacker is granted password-less SSH access to all machines in the TigerGraph cluster. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22948 |
CVE-2023-29905 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the UpdateSnat interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29905 |
CVE-2023-29906 | H3C Magic R200 version R200V100R004 was discovered to contain a stack overflow via the Edit_BasicSSID interface at /goform/aspForm. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29906 |
CVE-2023-29443 | Zoho ManageEngine ServiceDesk Plus through 14104 allows admin users to conduct an XXE attack. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-29443 |
CVE-2023-22901 | ChangingTec MOTP system has a path traversal vulnerability. A remote attacker with administrator’s privilege can exploit this vulnerability to access arbitrary system files. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22901 |
CVE-2023-30852 | Pimcore is an open source data and experience management platform. Prior to version 10.5.21, the `/admin/misc/script-proxy` API endpoint that is accessible by an authenticated administrator user is vulnerable to arbitrary JavaScript and CSS file read via the `scriptPath` and `scripts` parameters. The `scriptPath` parameter is not sanitized properly and is vulnerable to path traversal attack. Any JavaScript/CSS file from the application server can be read by specifying sufficient number of `../` patterns to go out from the application webroot followed by path of the folder where the file is located in the "scriptPath" parameter and the file name in the "scripts" parameter. The JavaScript file is successfully read only if the web application has read access to it. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manual. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-30852 |
CVE-2023-25495 | A valid, authenticated administrative user can query a web interface API to reveal the configured LDAP client password used by XCC to authenticate to an external LDAP server in certain configurations. There is no exposure where no LDAP client password is configured | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-25495 |
CVE-2023-22924 | A buffer overflow vulnerability in the Zyxel NBG-418N v2 firmware versions prior to V1.00(AARP.14)C0 could allow a remote authenticated attacker with administrator privileges to cause denial-of-service (DoS) conditions by executing crafted CLI commands on a vulnerable device. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-22924 |
CVE-2023-2445 | Improper access control in Subscriptions Folder path filter in Devolutions Server 2023.1.1 and earlier allows attackers with administrator privileges to retrieve usage information on folders in user vaults via a specific folder name. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-2445 |
CVE-2023-27990 | The XSS vulnerability in Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker with administrator privileges to store malicious scripts in a vulnerable device. A successful XSS attack could then result in the stored malicious scripts being executed when the user visits the Logs page of the GUI on the device. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27990 |
CVE-2023-0420 | The Custom Post Type and Taxonomy GUI Manager WordPress plugin through 1.1 does not have CSRF, and is lacking sanitising as well as escaping in some parameters, allowing attackers to make a logged in admin put Stored Cross-Site Scripting payloads via CSRF | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0420 |
CVE-2023-2293 | A vulnerability was found in SourceCodester Purchase Order Management System 1.0. It has been classified as problematic. This affects an unknown part of the file classes/Master.php?f=save_item. The manipulation of the argument description with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227463 | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2293 |
CVE-2023-2372 | A vulnerability, which was classified as problematic, has been found in SourceCodester Online DJ Management System 1.0. Affected by this issue is some unknown functionality of the file classes/Master.php?f=save_event. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227648. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2372 |
CVE-2023-2381 | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=bandwidth_profile.htm of the component Web Management Interface. The manipulation of the argument BandWidthProfile.ProfileName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227659. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2381 |
CVE-2023-2382 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument sysLogInfo.serverName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2382 |
CVE-2023-2383 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2383 |
CVE-2023-2384 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument dhcp.SecDnsIPByte2 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2384 |
CVE-2023-2385 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=ike_policies.htm of the component Web Management Interface. The manipulation of the argument IpsecIKEPolicy.IKEPolicyName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2385 |
CVE-2023-2386 | A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. Affected is an unknown function of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.toAddr leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2386 |
CVE-2023-2387 | A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument winsServer1 leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2387 |
CVE-2023-2388 | A vulnerability, which was classified as problematic, has been found in Netgear SRX5308 up to 4.3.5-3. Affected by this issue is some unknown functionality of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.fromAddr leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2388 |
CVE-2023-2389 | A vulnerability, which was classified as problematic, was found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the file scgi-bin/platform.cgi?page=firewall_logs_email.htm of the component Web Management Interface. The manipulation of the argument smtpServer.emailServer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2389 |
CVE-2023-2390 | A vulnerability has been found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This vulnerability affects unknown code of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server1 leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2390 |
CVE-2023-2391 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3 and classified as problematic. This issue affects some unknown processing of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ntp.server2 leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2391 |
CVE-2023-2392 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been classified as problematic. Affected is an unknown function of the file scgi-bin/platform.cgi?page=time_zone.htm of the component Web Management Interface. The manipulation of the argument ManualDate.minutes leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2392 |
CVE-2023-2393 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file scgi-bin/platform.cgi?page=dmz_setup.htm of the component Web Management Interface. The manipulation of the argument ConfigPort.LogicalIfName leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2393 |
CVE-2023-2394 | A vulnerability was found in Netgear SRX5308 up to 4.3.5-3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Web Management Interface. The manipulation of the argument wanName leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2394 |
CVE-2023-2397 | A vulnerability, which was classified as problematic, has been found in SourceCodester Simple Mobile Comparison Website 1.0. This issue affects some unknown processing of the file classes/Master.php?f=save_field. The manipulation of the argument Field Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227675. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2397 |
CVE-2023-2425 | A vulnerability was found in SourceCodester Simple Student Information System 1.0. It has been classified as problematic. This affects an unknown part of the file /classes/Master.php?f=save_course of the component Add New Course. The manipulation of the argument name with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227751 | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2425 |
CVE-2018-25085 | A vulnerability classified as problematic was found in Responsive Menus 7.x-1.x-dev on Drupal. Affected by this vulnerability is the function responsive_menus_admin_form_submit of the file responsive_menus.module of the component Configuration Setting Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 7.x-1.7 is able to address this issue. The name of the patch is 3c554b31d32a367188f44d44857b061eac949fb8. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-227755. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25085 |
CVE-2023-1021 | The amr ical events lists WordPress plugin through 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1021 |
CVE-2023-1090 | The SMTP Mailing Queue WordPress plugin before 2.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1090 |
CVE-2023-1525 | The Site Reviews WordPress plugin before 6.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1525 |
CVE-2023-1554 | The Quick Paypal Payments WordPress plugin before 5.7.26.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1554 |
CVE-2023-1614 | The WP Custom Author URL WordPress plugin before 1.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1614 |
CVE-2023-23723 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Winwar Media WP Email Capture plugin <= 3.9.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23723 |
CVE-2023-25783 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Moss FireCask Like & Share Button plugin <= 1.1.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25783 |
CVE-2023-25784 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Bon Plan Gratos Sticky Ad Bar plugin <= 1.3.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25784 |
CVE-2023-25786 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Thom Stark Eyes Only: User Access Shortcode plugin <= 1.8.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25786 |
CVE-2023-25787 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Wbolt team WP?????? plugin <= 1.3.9 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25787 |
CVE-2023-25789 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tapfiliate plugin <= 3.0.12 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25789 |
CVE-2023-25792 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in XiaoMac WP Open Social plugin <= 5.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25792 |
CVE-2023-25797 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25797 |
CVE-2023-25796 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Include WP BaiDu Submit plugin <= 1.2.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25796 |
CVE-2023-22683 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themis Solutions, Inc. Clio Grow plugin <= 1.0.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22683 |
CVE-2023-25979 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Video Gallery by Total-Soft Video Gallery plugin <= 1.7.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25979 |
CVE-2022-46852 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP Table Builder plugin <= 1.4.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46852 |
CVE-2023-23785 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in DgCult Exquisite PayPal Donation plugin <= v2.0.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23785 |
CVE-2023-23808 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Sergey Panasenko Sponsors Carousel plugin <= 4.02 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23808 |
CVE-2023-23809 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Moris Dov Stock market charts from finviz plugin <= 1.0.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23809 |
CVE-2023-23875 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Himanshu Bing Site Verification plugin using Meta Tag plugin <= 1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23875 |
CVE-2023-23881 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GreenTreeLabs Circles Gallery plugin <= 1.0.10 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23881 |
CVE-2023-26017 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BlueGlass Jobs for WordPress plugin <= 2.5.10.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26017 |
CVE-2023-25458 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GMO Internet Group, Inc. TypeSquare Webfonts for ConoHa plugin <= 2.0.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25458 |
CVE-2023-25977 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 9seeds.Com CPT – Speakers plugin <= 1.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25977 |
CVE-2023-26545 | In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-26545 |
CVE-2023-1990 | A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1990 |
CVE-2023-30609 | matrix-react-sdk is a react-based SDK for inserting a Matrix chat/VoIP client into a web page. Prior to version 3.71.0, plain text messages containing HTML tags are rendered as HTML in the search results. To exploit this, an attacker needs to trick a user into searching for a specific message containing an HTML injection payload. No cross-site scripting attack is possible due to the hardcoded content security policy. Version 3.71.0 of the SDK patches over the issue. As a workaround, restarting the client will clear the HTML injection. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-30609 |
CVE-2023-0458 | A speculative pointer dereference problem exists in the Linux Kernel on the do_prlimit() function. The resource argument value is controlled and is used in pointer arithmetic for the 'rlim' variable and can be used to leak the contents. We recommend upgrading past version 6.1.8 or commit 739790605705ddcf18f21782b9c99ad7d53a8c11 | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0458 |
CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29354 |
CVE-2023-25012 | The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-25012 |
CVE-2023-25834 | Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-25834 |
CVE-2023-1265 | An issue has been discovered in GitLab affecting all versions starting from 11.9 before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. The condition allows for a privileged attacker, under certain conditions, to obtain session tokens from all users of a GitLab instance. | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1265 |
CVE-2023-2019 | A flaw was found in the Linux kernel's netdevsim device driver, within the scheduling of events. This issue results from the improper management of a reference count. This may allow an attacker to create a denial of service condition on the system. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2019 |
CVE-2022-3447 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 106.0.5249.119 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3447 |
CVE-2022-4182 | Inappropriate implementation in Fenced Frames in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass fenced frame restrictions via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4182 |
CVE-2022-4183 | Insufficient policy enforcement in Popup Blocker in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4183 |
CVE-2022-4184 | Insufficient policy enforcement in Autofill in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass autofill restrictions via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4184 |
CVE-2022-4185 | Inappropriate implementation in Navigation in Google Chrome on iOS prior to 108.0.5359.71 allowed a remote attacker to spoof the contents of the modal dialogue via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4185 |
CVE-2022-4186 | Insufficient validation of untrusted input in Downloads in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass Downloads restrictions via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4186 |
CVE-2022-4188 | Insufficient validation of untrusted input in CORS in Google Chrome on Android prior to 108.0.5359.71 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4188 |
CVE-2022-4189 | Insufficient policy enforcement in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restrictions via a crafted Chrome Extension. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4189 |
CVE-2022-4195 | Insufficient policy enforcement in Safe Browsing in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to bypass Safe Browsing warnings via a malicious file. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4195 |
CVE-2022-44688 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-44688 |
CVE-2022-46877 | By confusing the browser, the fullscreen notification could have been delayed or suppressed, resulting in potential user confusion or spoofing attacks. This vulnerability affects Firefox < 108. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-46877 |
CVE-2023-0141 | Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0141 |
CVE-2023-28458 | pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature). Organizers can trigger the overwriting (with the standard pretalx 404 page content) of an arbitrary file. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28458 |
CVE-2023-30544 | Kiwi TCMS is an open source test management system. In versions of Kiwi TCMS prior to 12.2, users were able to update their email addresses via the `My profile` admin page. This page allowed them to change the email address registered with their account without the ownership verification performed during account registration. Operators of Kiwi TCMS should upgrade to v12.2 or later to receive a patch. No known workarounds exist. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30544 |
CVE-2023-1414 | The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1414 |
CVE-2023-2281 | When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team.\n\n\n | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2281 |
CVE-2021-44465 | Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-44465 |
CVE-2023-22728 | Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-22728 |
CVE-2023-29334 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29334 |
CVE-2023-1911 | The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed via a shortcode are already public and can be viewed, allowing any authenticated users, such as subscriber to access draft posts for example | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1911 |
CVE-2023-2474 | A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2474 |
CVE-2023-2462 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2462 |
CVE-2023-2463 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2463 |
CVE-2023-2464 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2464 |
CVE-2023-2465 | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2465 |
CVE-2023-2466 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2466 |
CVE-2023-2467 | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2467 |
CVE-2023-2468 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2468 |
CVE-2023-28406 | A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. \n\n\nNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28406 |
CVE-2023-1204 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1204 |
CVE-2023-2069 | An issue has been discovered in GitLab affecting all versions starting from 10.0 before 12.9.8, all versions starting from 12.10 before 12.10.7, all versions starting from 13.0 before 13.0.1. A user with the role of developer could use the import project feature to leak CI/CD variables. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2069 |
CVE-2022-4376 | An issue has been discovered in GitLab affecting all versions before 15.9.6, all versions starting from 15.10 before 15.10.5, all versions starting from 15.11 before 15.11.1. Under certain conditions, an attacker may be able to map a private email of a GitLab user to their GitLab account on an instance. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4376 |
CVE-2023-29103 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC712 (All versions < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions < V2.1). The affected device uses a hard-coded password to protect the diagnostic files. This could allow an authenticated attacker to access protected data. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29103 |
CVE-2023-23920 | An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. | 4.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-23920 |
CVE-2020-2978 | Vulnerability in the Oracle Database - Enterprise Edition component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1, 18c and 19c. Easily exploitable vulnerability allows high privileged attacker having DBA role account privilege with network access via Oracle Net to compromise Oracle Database - Enterprise Edition. While the vulnerability is in Oracle Database - Enterprise Edition, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database - Enterprise Edition accessible data. CVSS 3.1 Base Score 4.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N). | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-2978 |
CVE-2023-29128 | A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1), SIMATIC Cloud Connect 7 CC716 (All versions >= V2.0 < V2.1). The filename in the upload feature of the web based management of the affected device is susceptible to a path traversal vulnerability. This could allow an authenticated privileged remote attacker to write any file with the extension `.db`. | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29128 |
CVE-2023-30857 | @aedart/support is the support package for Ion, a monorepo for JavaScript/TypeScript packages. Prior to version `0.6.1`, there is a possible prototype pollution issue for the `MetadataRecord`, when merged with a base class' metadata object, in `meta` decorator from the `@aedart/support` package. The likelihood of exploitation is questionable, given that a class's metadata can only be set or altered when the class is decorated via `meta()`. Furthermore, object(s) of sensitive nature would have to be stored as metadata, before this can lead to a security impact. The issue has been patched in version `0.6.1`.\n | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-30857 |
CVE-2023-1513 | A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1513 |
CVE-2023-30618 | Kitchen-Terraform provides a set of Test Kitchen plugins which enable the use of Test Kitchen to converge a Terraform configuration and verify the resulting infrastructure systems with InSpec controls. Kitchen-Terraform v7.0.0 introduced a regression which caused all Terraform output values, including sensitive values, to be printed at the `info` logging level during the `kitchen converge` action. Prior to v7.0.0, the output values were printed at the `debug` level to avoid writing sensitive values to the terminal by default. An attacker would need access to the local machine in order to gain access to these logs during an operation. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30618 |
CVE-2022-23721 | PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23721 |
CVE-2023-27408 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). The `i2c` mutex file is created with the permissions bits of `-rw-rw-rw-`. This file is used as a mutex for multiple applications interacting with i2c. This could allow an authenticated attacker with access to the SSH interface on the affected device to interfere with the integrity of the mutex and the data it protects. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-27408 |
CVE-2023-30985 | A vulnerability has been identified in Solid Edge SE2023 (All versions < VX.223.0 Update 3), Solid Edge SE2023 (All versions < VX.223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426) | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30985 |
CVE-2023-29333 | Microsoft Access Denial of Service Vulnerability | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29333 |
CVE-2023-27410 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A heap-based buffer overflow vulnerability was found in the `edgebox_web_app` binary. The binary will crash if supplied with a backup password longer than 255 characters. This could allow an authenticated privileged attacker to cause a denial of service. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-27410 |
CVE-2023-2197 | HashiCorp Vault Enterprise 1.13.0 up to 1.13.1 is vulnerable to a padding oracle attack when using an HSM in conjunction with the CKM_AES_CBC_PAD or CKM_AES_CBC encryption mechanisms. An attacker with privileges to modify storage and restart Vault may be able to intercept or modify cipher text in order to derive Vault’s root key. Fixed in 1.13.2 | 2.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2197 |
CVE-2023-27409 | A vulnerability has been identified in SCALANCE LPE9403 (All versions < V2.1). A path traversal vulnerability was found in the `deviceinfo` binary via the `mac` parameter. This could allow an authenticated attacker with access to the SSH interface on the affected device to read the contents of any file named `address`. | 2.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-27409 |
CVE-2023-25815 | In Git for Windows, the Windows port of Git, no localized messages are shipped with the installer. As a consequence, Git is expected not to localize messages at all, and skips the gettext initialization. However, due to a change in MINGW-packages, the `gettext()` function's implicit initialization no longer uses the runtime prefix but uses the hard-coded path `C:\\mingw64\\share\\locale` to look for localized messages. And since any authenticated user has the permission to create folders in `C:\\` (and since `C:\\mingw64` does not typically exist), it is possible for low-privilege users to place fake messages in that location where `git.exe` will pick them up in version 2.40.1.\n\nThis vulnerability is relatively hard to exploit and requires social engineering. For example, a legitimate message at the end of a clone could be maliciously modified to ask the user to direct their web browser to a malicious website, and the user might think that the message comes from Git and is legitimate. It does require local write access by the attacker, though, which makes this attack vector less likely. Version 2.40.1 contains a patch for this issue. Some workarounds are available. Do not work on a Windows machine with shared accounts, or alternatively create a `C:\\mingw64` folder and leave it empty. Users who have administrative rights may remove the permission to create folders in `C:\\`. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-25815 |
CVE-2007-2586 | The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259. | – | https://nvd.nist.gov/vuln/detail/CVE-2007-2586 |
CVE-2014-5461 | Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attackers to cause a denial of service (crash) via a small number of arguments to a function with a large number of fixed arguments. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-5461 |
CVE-2015-5122 | Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-5122 |
CVE-2023-29867 | Zammad 5.3.x (Fixed 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker could gain information about linked accounts of users involved in their tickets using the Zammad API. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29867 |
CVE-2023-29868 | Zammad 5.3.x (Fixed in 5.4.0) is vulnerable to Incorrect Access Control. An authenticated attacker with agent and customer roles could perform unauthorized changes on articles where they only have customer permissions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29868 |
CVE-2023-30861 | Flask is a lightweight WSGI web application framework. When all of the following conditions are met, a response containing data intended for one client may be cached and subsequently sent by the proxy to other clients. If the proxy also caches `Set-Cookie` headers, it may send one client's `session` cookie to other clients. The severity depends on the application's use of the session and the proxy's behavior regarding cookies. The risk depends on all these conditions being met.\n\n1. The application must be hosted behind a caching proxy that does not strip cookies or ignore responses with cookies.\n2. The application sets `session.permanent = True`\n3. The application does not access or modify the session at any point during a request.\n4. `SESSION_REFRESH_EACH_REQUEST` enabled (the default).\n5. The application does not set a `Cache-Control` header to indicate that a page is private or should not be cached.\n\nThis happens because vulnerable versions of Flask only set the `Vary: Cookie` header when the session is accessed or modified, not when it is refreshed (re-sent to update the expiration) without being accessed or modified. This issue has been fixed in versions 2.3.2 and 2.2.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30861 |
CVE-2022-47874 | Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47874 |
CVE-2022-47875 | A Directory Traversal vulnerability in /be/erpc.php in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47875 |
CVE-2022-47876 | The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47876 |
CVE-2022-47878 | Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47878 |
CVE-2023-26089 | European Chemicals Agency IUCLID 6.x before 6.27.6 allows authentication bypass because a weak hard-coded secret is used for JWT signing. The affected versions are 5.15.0 through 6.27.5. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26089 |
CVE-2023-26546 | European Chemicals Agency IUCLID before 6.27.6 allows remote authenticated users to execute arbitrary code via Server Side Template Injection (SSTI) with a crafted template file. The attacker must have template manager permission. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26546 |
CVE-2023-30403 | An issue in the time-based authentication mechanism of Aigital Aigital Wireless-N Repeater Mini_Router v0.131229 allows attackers to bypass login by connecting to the web app after a successful attempt by a legitimate user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30403 |
CVE-2023-30943 | The vulnerability was found Moodle which exists because the application allows a user to control path of the older to create in TinyMCE loaders. A remote user can send a specially crafted HTTP request and create arbitrary folders on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30943 |
CVE-2023-30944 | The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in external Wiki method for listing pages. A remote attacker can send a specially crafted request to the affected application and execute limited SQL commands within the application database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30944 |
CVE-2023-31434 | The parameters nutzer_titel, nutzer_vn, and nutzer_nn in the user profile, and langID and ONLINEID in direct links, in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 do not validate input, which allows authenticated attackers to inject HTML Code and XSS payloads in multiple locations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31434 |
CVE-2023-31435 | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31435 |
CVE-2022-30759 | In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-30759 |
CVE-2023-26268 | Design documents with matching document IDs, from databases on the same cluster, may share a mutable Javascript environment when using these design document functions:\n * validate_doc_update\n\n * list\n\n * filter\n\n * filter views (using view functions as filters)\n\n * rewrite\n\n * update\n\n\n\nThis doesn't affect map/reduce or search (Dreyfus) index functions.\n\nUsers are recommended to upgrade to a version that is no longer affected by this issue (Apache CouchDB 3.3.2 or 3.2.3).\n\nWorkaround: Avoid using design documents from untrusted sources which may attempt to cache or store data in the Javascript environment.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26268 |
CVE-2023-27892 | Insufficient length checks in the ShapeShift KeepKey hardware wallet firmware before 7.7.0 allow a global buffer overflow via crafted messages. Flaws in cf_confirmExecTx() in ethereum_contracts.c can be used to reveal arbitrary microcontroller memory on the device screen or crash the device. With physical access to a PIN-unlocked device, attackers can extract the BIP39 mnemonic secret from the hardware wallet. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27892 |
CVE-2022-40302 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40302 |
CVE-2022-40318 | An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-40318 |
CVE-2022-43681 | An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43681 |
CVE-2023-1383 | An Improper Enforcement of Behavioral Workflow vulnerability in the exchangeDeviceServices function on the amzn.dmgr service allowed an attacker to register services that are only locally accessible.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen versions prior to 6.2.9.5. \nInsignia TV with FireOS versions prior to 7.6.3.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1383 |
CVE-2023-1384 | The setMediaSource function on the amzn.thin.pl service does not sanitize the "source" parameter allowing for arbitrary javascript code to be run\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.\nInsignia TV with FireOS versions prior to 7.6.3.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1384 |
CVE-2023-1385 | Improper JPAKE implementation allows offline PIN brute-forcing due to the initialization of random values to a known value, which leads to unauthorized authentication to amzn.lightning services.\n\nThis issue affects:\n\nAmazon Fire TV Stick 3rd gen versions prior to 6.2.9.5.\nInsignia TV with FireOS 7.6.3.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1385 |
CVE-2023-25826 | \nDue to insufficient validation of parameters passed to the legacy HTTP query API, it is possible to inject crafted OS commands into multiple parameters and execute malicious code on the OpenTSDB host system. This exploit exists due to an incomplete fix that was made when this vulnerability was previously disclosed as CVE-2020-35476. Regex validation that was implemented to restrict allowed input to the query API does not work as intended, allowing crafted commands to bypass validation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25826 |
CVE-2023-25827 | \nDue to insufficient validation of parameters reflected in error messages by the legacy HTTP query API and the logging endpoint, it is possible to inject and execute malicious JavaScript within the browser of a targeted OpenTSDB user. This issue shares the same root cause as CVE-2018-13003, a reflected XSS vulnerability with the suggestion endpoint.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25827 |
CVE-2017-11197 | In CyberArk Viewfinity 5.5.10.95 and 6.x before 6.1.1.220, a low privilege user can escalate to an administrative user via a bug within the "add printer" option. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-11197 |
CVE-2020-22429 | redox-os v0.1.0 was discovered to contain a use-after-free bug via the gethostbyaddr() function at /src/header/netdb/mod.rs. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-22429 |
CVE-2022-39161 | IBM WebSphere Application Server 7.0, 8.0, 8.5, 9.0, and IBM WebSphere Application Server Liberty, when configured to communicate with the Web Server Plug-ins for IBM WebSphere Application Server, could allow an authenticated user to conduct spoofing attacks. A man-in-the-middle attacker could exploit this vulnerability using a certificate issued by a trusted authority to obtain sensitive information. IBM X-Force ID: 235069. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39161 |
CVE-2023-24744 | Cross Site Scripting (XSS) vulnerability in Rediker Software AdminPlus 6.1.91.00 allows remote attackers to run arbitrary code via the onload function within the application DOM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24744 |
CVE-2023-30300 | An issue in the component hang.wasm of WebAssembly 1.0 causes an infinite loop. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30300 |
CVE-2023-30205 | A stored cross-site scripting (XSS) vulnerability in DouPHP v1.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the unique_id parameter in /admin/article.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30205 |
CVE-2022-43950 | A URL redirection to untrusted site ('Open Redirect') vulnerability [CWE-601] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.1 and below, 9.2 all versions, 9.1 all versions, \r\n 8.8 all versions, 8.7 all versions may allow an unauthenticated attacker to redirect users to any arbitrary website via a crafted URL. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43950 |
CVE-2022-45858 | A use of a weak cryptographic algorithm vulnerability [CWE-327] in FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.0 all versions, 8.8.0 all versions, 8.7.0 all versions may increase the chances of an attacker to have access to sensitive information or to perform man-in-the-middle attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45858 |
CVE-2022-45859 | An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC-F 7.2.0, FortiNAC 9.4.1 and below, 9.2.6 and below, 9.1.8 and below, 8.8.0 all versions, 8.7.0 all versions may allow a local attacker with system access to retrieve users' passwords. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45859 |
CVE-2022-45860 | A weak authentication vulnerability [CWE-1390] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions in device registration page may allow an unauthenticated attacker to perform password spraying attacks with an increased chance of success. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45860 |
CVE-2023-22640 | A out-of-bounds write in Fortinet FortiOS version 7.2.0 through 7.2.3, FortiOS version 7.0.0 through 7.0.10, FortiOS version 6.4.0 through 6.4.11, FortiOS version 6.2.0 through 6.2.13, FortiOS all versions 6.0, FortiProxy version 7.2.0 through 7.2.1, FortiProxy version 7.0.0 through 7.0.7, FortiProxy all versions 2.0, FortiProxy all versions 1.2, FortiProxy all versions 1.1, FortiProxy all versions 1.0 allows an authenticated attacker to execute unauthorized code or commands via specifically crafted requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22640 |
CVE-2023-26203 | A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC-F version 7.2.0, FortiNAC version 9.4.2 and below, 9.2 all versions, 9.1 all versions, 8.8 all versions, 8.7 all versions may allow an authenticated attacker to access to the database via shell commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26203 |
CVE-2023-27993 | A relative path traversal [CWE-23] in Fortinet FortiADC version 7.2.0 and before 7.1.1 allows a privileged attacker to delete arbitrary directories from the underlying file system via crafted CLI commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27993 |
CVE-2022-47757 | In imo.im 2022.11.1051, a path traversal vulnerability delivered via an unsanitized deeplink can force the application to write a file into the application's data directory. This may allow an attacker to save a shared library under a special directory which the app uses to dynamically load modules. Loading the library can lead to arbitrary code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47757 |
CVE-2023-25438 | An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25438 |
CVE-2023-27568 | SQL injection vulnerability inSpryker Commerce OS 0.9 that allows for access to sensitive data via customer/order?orderSearchForm[searchText]= | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27568 |
CVE-2023-31099 | Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31099 |
CVE-2023-29842 | ChurchCRM 4.5.4 endpoint /EditEventTypes.php is vulnerable to Blind SQL Injection (Time-based) via the EN_tyid POST parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29842 |
CVE-2023-30077 | Judging Management System v1.0 by oretnom23 was discovered to vulnerable to SQL injection via /php-jms/review_result.php?mainevent_id=, mainevent_id. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30077 |
CVE-2023-30331 | An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30331 |
CVE-2023-25934 | \nDELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the request.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25934 |
CVE-2023-22651 | Improper Privilege Management vulnerability in SUSE Rancher allows Privilege Escalation. A failure in the update logic of Rancher's admission Webhook may lead to\n the misconfiguration of the Webhook. This component enforces validation\n rules and security checks before resources are admitted into the \nKubernetes cluster.\nThe issue only affects users that upgrade from 2.6.x or 2.7.x to 2.7.2. Users that did a fresh install of 2.7.2 (and did not follow an upgrade path) are not affected.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22651 |
CVE-2022-4259 | Due to improper input validation in the Alerts controller, a SQL injection vulnerability in Nozomi Networks Guardian and CMC allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4259 |
CVE-2023-25962 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Biplob Adhikari Accordion – Multiple Accordion or FAQs Builder plugin <= 2.3.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25962 |
CVE-2023-26016 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Tauhidul Alam Simple Portfolio Gallery plugin <= 0.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26016 |
CVE-2023-23470 | IBM i 7.2, 7.3, 7.4, and 7.5 could allow an authenticated privileged administrator to gain elevated privileges in non-default configurations, as a result of improper SQL processing. By using a specially crafted SQL operation, the administrator could exploit the vulnerability to perform additional administrator operations. IBM X-Force ID: 244510. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23470 |
CVE-2023-24958 | A vulnerability in the IBM TS7700 Management Interface 8.51.2.12, 8.52.200.111, 8.52.102.13, and 8.53.0.63 could allow an authenticated user to submit a specially crafted URL leading to privilege escalation and remote code execution. IBM X-Force ID: 246320. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24958 |
CVE-2023-26010 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPMobile.App plugin <= 11.18 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26010 |
CVE-2023-26012 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denzel Chia | Phire Design Custom Login Page plugin <= 2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26012 |
CVE-2023-29827 | ejs v3.1.9 is vulnerable to server-side template injection. If the ejs file is controllable, template injection can be implemented through the configuration settings of the closeDelimiter parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29827 |
CVE-2023-30619 | Tuleap Open ALM is a Libre and Open Source tool for end to end traceability of application and system developments. The title of an artifact is not properly escaped in the tooltip. A malicious user with the capability to create an artifact or to edit a field title could force victim to execute uncontrolled code. This issue has been patched in version 14.7.99.143.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30619 |
CVE-2023-29994 | In NanoMQ v0.15.0-0, Heap overflow occurs in read_byte function of mqtt_code.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29994 |
CVE-2023-29995 | In NanoMQ v0.15.0-0, a Heap overflow occurs in copyn_utf8_str function of mqtt_parser.c | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29995 |
CVE-2023-29996 | In NanoMQ v0.15.0-0, segment fault with Null Pointer Dereference occurs in the process of decoding subinfo_decode and unsubinfo_decode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29996 |
CVE-2023-2519 | A vulnerability has been found in Caton CTP Relay Server 1.2.9 and classified as critical. This vulnerability affects unknown code of the file /server/api/v1/login of the component API. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. VDB-228010 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2519 |
CVE-2023-2520 | A vulnerability was found in Caton Prime 2.1.2.51.e8d7225049(202303031001) and classified as critical. This issue affects some unknown processing of the file cgi-bin/tools_ping.cgi?action=Command of the component Ping Handler. The manipulation of the argument Destination leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228011. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2520 |
CVE-2023-2521 | A vulnerability was found in NEXTU NEXT-7004N 3.0.1. It has been classified as problematic. Affected is an unknown function of the file /boafrm/formFilter of the component POST Request Handler. The manipulation of the argument url with the input <svg onload=alert(1337)> leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228012. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2521 |
CVE-2023-30184 | A stored cross-site scripting (XSS) vulnerability in Typecho v1.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter at /index.php/archives/1/comment. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30184 |
CVE-2023-30203 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the event_id parameter at /php-jms/result_sheet.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30203 |
CVE-2023-2522 | A vulnerability was found in Chengdu VEC40G 3.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /send_order.cgi?parameter=access_detect of the component Network Detection. The manipulation of the argument COUNT with the input 3 | netstat -an leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228013 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2522 |
CVE-2023-2523 | A vulnerability was found in Weaver E-Office 9.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file App/Ajax/ajax.php?action=mobile_upload_save. The manipulation of the argument upload_quwan leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228014 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2523 |
CVE-2023-30550 | MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some operating permissions. The issue has been fixed in version 2.9.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30550 |
CVE-2023-2524 | A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/#/. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2524 |
CVE-2023-20126 | A vulnerability in the web-based management interface of Cisco SPA112 2-Port Phone Adapters could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to a missing authentication process within the firmware upgrade function. An attacker could exploit this vulnerability by upgrading an affected device to a crafted version of firmware. A successful exploit could allow the attacker to execute arbitrary code on the affected device with full privileges. Cisco has not released firmware updates to address this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20126 |
CVE-2023-23059 | An issue was discovered in GeoVision GV-Edge Recording Manager 2.2.3.0 for windows, which contains improper permissions within the default installation and allows attackers to execute arbitrary code and gain escalated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23059 |
CVE-2023-30094 | A stored cross-site scripting (XSS) vulnerability in TotalJS Flow v10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the platform name field in the settings module. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30094 |
CVE-2023-30095 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the channel description field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30095 |
CVE-2023-30096 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user information field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30096 |
CVE-2023-30097 | A stored cross-site scripting (XSS) vulnerability in TotalJS messenger commit b6cf1c9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the private task field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30097 |
CVE-2023-30264 | CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30264 |
CVE-2023-30268 | CLTPHP <=6.0 is vulnerable to Improper Input Validation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30268 |
CVE-2023-31284 | illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31284 |
CVE-2022-47434 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PB SEO Friendly Images plugin <= 4.0.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47434 |
CVE-2022-47449 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RexTheme Cart Lift – Abandoned Cart Recovery for WooCommerce and EDD plugin <= 3.1.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47449 |
CVE-2023-21484 | Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21484 |
CVE-2023-21485 | Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21485 |
CVE-2023-21486 | Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21486 |
CVE-2023-21487 | Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21487 |
CVE-2023-21488 | Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21488 |
CVE-2023-21489 | Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21489 |
CVE-2023-21490 | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21490 |
CVE-2023-21491 | Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21491 |
CVE-2023-21492 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21492 |
CVE-2023-21493 | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21493 |
CVE-2023-21494 | Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21494 |
CVE-2023-21495 | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21495 |
CVE-2023-21496 | Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21496 |
CVE-2023-21497 | Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21497 |
CVE-2023-21498 | Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21498 |
CVE-2023-21499 | Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21499 |
CVE-2023-21500 | Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21500 |
CVE-2023-21501 | Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21501 |
CVE-2023-21502 | Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21502 |
CVE-2023-21503 | Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21503 |
CVE-2023-21504 | Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21504 |
CVE-2023-21505 | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21505 |
CVE-2023-21506 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21506 |
CVE-2023-21507 | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21507 |
CVE-2023-21508 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21508 |
CVE-2023-21509 | Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21509 |
CVE-2023-21510 | Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21510 |
CVE-2023-21511 | Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21511 |
CVE-2023-25289 | Directory Traversal vulnerability in virtualreception Digital Receptie version win7sp1_rtm.101119-1850 6.1.7601.1.0.65792 in embedded web server, allows attacker to gain sensitive information via a crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25289 |
CVE-2023-30216 | Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30216 |
CVE-2023-30328 | An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30328 |
CVE-2023-30399 | Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30399 |
CVE-2023-31413 | Filebeat versions through 7.17.9 and 8.6.2 have a flaw in httpjson input that allows the http request Authorization or Proxy-Authorization header contents to be leaked in the logs when debug logging is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31413 |
CVE-2023-31414 | Kibana versions 8.0.0 through 8.7.0 contain an arbitrary code execution flaw. An attacker with write access to Kibana yaml or env configuration could add a specific payload that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31414 |
CVE-2023-31415 | Kibana version 8.7.0 contains an arbitrary code execution flaw. An attacker with All privileges to the Uptime/Synthetics feature could send a request that will attempt to execute JavaScript code. This could lead to the attacker executing arbitrary commands on the host system with permissions of the Kibana process. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31415 |
CVE-2023-30093 | An arbitrary file upload vulnerability in Open Networking Foundation ONOS from version 1.9.0 until 2.7.0 allows attackers to execute arbitrary code via uploading a crafted YAML file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30093 |
CVE-2023-30282 | PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30282 |
CVE-2023-1894 | A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1894 |
CVE-2017-20183 | A vulnerability was found in External Media without Import Plugin up to 1.0.0 on WordPress. It has been declared as problematic. This vulnerability affects the function print_media_new_panel of the file external-media-without-import.php. The manipulation of the argument url/error/width/height/mime-type leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 9d2ecd159a6e2e3f710b4f1c28e2714f66502746. It is recommended to upgrade the affected component. VDB-227950 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2017-20183 |
CVE-2023-2531 | Improper Restriction of Excessive Authentication Attempts in GitHub repository azuracast/azuracast prior to 0.18.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2531 |
CVE-2023-30122 | An arbitrary file upload vulnerability in the component /admin/ajax.php?action=save_menu of Online Food Ordering System v2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30122 |
CVE-2023-30135 | Tenda AC18 v15.03.05.19(6318_)_cn was discovered to contain a command injection vulnerability via the deviceName parameter in the setUsbUnload function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30135 |
CVE-2023-30090 | Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30090 |
CVE-2023-32235 | Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32235 |
CVE-2023-28068 | \nDell Command Monitor, versions 10.9 and prior, contains an improper folder permission vulnerability. A local authenticated malicious user can potentially exploit this vulnerability leading to privilege escalation by writing to a protected directory when Dell Command Monitor is installed to a non-default path\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28068 |
CVE-2021-40331 | An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in Hive when Apache Ranger Hive Plugin is enabled\nThis issue affects Apache Ranger Hive Plugin: from 2.0.0 through 2.3.0. Users are recommended to upgrade to version 2.4.0 or later.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-40331 |
CVE-2022-45048 | Authenticated users with appropriate privileges can create policies having expressions that can exploit code execution vulnerability. This issue affects Apache Ranger: 2.3.0. Users are recommended to update to version 2.4.0.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45048 |
CVE-2023-30242 | NS-ASG v6.3 was discovered to contain a SQL injection vulnerability via the component /admin/add_ikev2.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30242 |
CVE-2022-38707 | IBM Cognos Command Center 10.2.4.1 could allow a local attacker to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 234179. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38707 |
CVE-2023-30013 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30013 |
CVE-2023-30243 | Beijing Netcon NS-ASG Application Security Gateway v6.3 is vulnerable to SQL Injection via TunnelId that allows access to sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30243 |
CVE-2022-43919 | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow an authenticated attacker with authorization to craft messages to cause a denial of service. IBM X-Force ID: 241354. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43919 |
CVE-2023-22874 | IBM MQ Clients 9.2 CD, 9.3 CD, and 9.3 LTS are vulnerable to a denial of service attack when processing configuration files. IBM X-Force ID: 244216. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22874 |
CVE-2023-29932 | llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29932 |
CVE-2023-29933 | llvm-project commit bd456297 was discovered to contain a segmentation fault via the component mlir::Block::getArgument. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29933 |
CVE-2023-29934 | llvm-project commit 6c01b5c was discovered to contain a segmentation fault via the component mlir::Type::getDialect(). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29934 |
CVE-2023-29935 | llvm-project commit a0138390 was discovered to contain an assertion failure at !replacements.count(op) && "operation was already replaced. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29935 |
CVE-2023-29939 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::spirv::TargetEnv::TargetEnv(mlir::spirv::TargetEnvAttr). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29939 |
CVE-2023-29941 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component matchAndRewriteSortOp<mlir::sparse_tensor::SortOp>(mlir::sparse_tensor::SortOp. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29941 |
CVE-2023-29942 | llvm-project commit a0138390 was discovered to contain a segmentation fault via the component mlir::Type::isa<mlir::LLVM::LLVMVoidType. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29942 |
CVE-2023-30053 | TOTOLINK A7100RU V7.4cu.2313_B20191024 is vulnerable to Command Injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30053 |
CVE-2023-30054 | TOTOLINK A7100RU V7.4cu.2313_B20191024 has a Command Injection vulnerability. An attacker can obtain a stable root shell through a specially constructed payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30054 |
CVE-2023-30434 | IBM Storage Scale (IBM Spectrum Scale 5.1.0.0 through 5.1.2.9, 5.1.3.0 through 5.1.6.1 and IBM Elastic Storage Systems 6.1.0.0 through 6.1.2.5, 6.1.3.0 through 6.1.6.0) could allow a local user to cause a kernel panic. IBM X-Force ID: 252187. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30434 |
CVE-2023-26285 | IBM MQ 9.2 CD, 9.2 LTS, 9.3 CD, and 9.3 LTS could allow a remote attacker to cause a denial of service due to an error processing invalid data. IBM X-Force ID: 248418. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26285 |
CVE-2023-29659 | A Segmentation fault caused by a floating point exception exists in libheif 1.15.1 using crafted heif images via the heif::Fraction::round() function in box.cc, which causes a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29659 |
CVE-2023-32269 | An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32269 |
CVE-2020-4914 | IBM Cloud Pak System Suite 2.3.3.0 through 2.3.3.5 does not invalidate session after logout which could allow a local user to impersonate another user on the system. IBM X-Force ID: 191290. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-4914 |
CVE-2022-43866 | IBM Maximo Asset Management 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 239436. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43866 |
CVE-2023-2427 | Cross-site Scripting (XSS) - Reflected in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2427 |
CVE-2023-2516 | Cross-site Scripting (XSS) - Stored in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2516 |
CVE-2023-2550 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.13. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2550 |
CVE-2023-2551 | PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2551 |
CVE-2023-2552 | Cross-Site Request Forgery (CSRF) in GitHub repository unilogies/bumsys prior to 2.1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2552 |
CVE-2023-2553 | Cross-site Scripting (XSS) - Stored in GitHub repository unilogies/bumsys prior to 2.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2553 |
CVE-2023-2554 | External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2554 |
CVE-2023-30065 | MitraStar GPT-2741GNAC-N2 with firmware BR_g5.9_1.11(WVK.0)b32 was discovered to contain a remote code execution (RCE) vulnerability in the ping function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30065 |
CVE-2023-29963 | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29963 |
CVE-2016-15031 | A vulnerability was found in PHP-Login 1.0. It has been declared as critical. This vulnerability affects the function checkLogin of the file login/scripts/class.loginscript.php of the component POST Parameter Handler. The manipulation of the argument myusername leads to sql injection. The attack can be initiated remotely. Upgrading to version 2.0 is able to address this issue. The name of the patch is 0083ec652786ddbb81335ea20da590df40035679. It is recommended to upgrade the affected component. VDB-228022 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2016-15031 |
CVE-2022-22313 | IBM QRadar Data Synchronization App 1.0 through 3.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 217370. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22313 |
CVE-2022-43877 | IBM UrbanCode Deploy (UCD) versions up to 7.3.0.1 could disclose sensitive password information during a manual edit of the agentrelay.properties file. IBM X-Force ID: 240148. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-43877 |
CVE-2023-24957 | IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 246115. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24957 |
CVE-2023-26517 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jeff Starr Dashboard Widgets Suite plugin <= 3.2.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26517 |
CVE-2023-26519 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Alex Benfica Publish to Schedule plugin <= 4.5.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26519 |
CVE-2023-2560 | A vulnerability was found in jja8 NewBingGoGo up to 2023.5.5.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228167. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2560 |
CVE-2023-25491 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Samuel Marshall JCH Optimize plugin <= 3.2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25491 |
CVE-2023-24400 | Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Hu-manity.Co Cookie Notice & Compliance for GDPR / CCPA plugin <= 2.4.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24400 |
CVE-2023-31047 | In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to upload multiple files. This multiple upload has never been supported by forms.FileField or forms.ImageField (only the last uploaded file was validated). However, Django's "Uploading multiple files" documentation suggested otherwise. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31047 |
CVE-2023-32290 | The myMail app through 14.30 for iOS sends cleartext credentials in a situation where STARTTLS is expected by a server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32290 |
CVE-2023-2564 | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2564 |
CVE-2023-2565 | A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the argument complaint_type with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228172 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2565 |
CVE-2023-29944 | Metersphere v1.20.20-lts-79d354a6 is vulnerable to Remote Command Execution. The system command reverse-shell can be executed at the custom code snippet function of the metersphere system workbench | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29944 |
CVE-2023-30185 | CRMEB v4.4 to v4.6 was discovered to contain an arbitrary file upload vulnerability via the component \\attachment\\SystemAttachmentServices.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30185 |
CVE-2023-30257 | A buffer overflow in the component /proc/ftxxxx-debug of FiiO M6 Build Number v1.0.4 allows attackers to escalate privileges to root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30257 |
CVE-2023-30018 | Judging Management System v1.0 is vulnerable to SQL Injection. via /php-jms/review_se_result.php?mainevent_id=. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30018 |
CVE-2023-2566 | Cross-site Scripting (XSS) - Stored in GitHub repository openemr/openemr prior to 7.0.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2566 |
CVE-2023-2534 | Improper Authorization vulnerability in OTRS AG OTRS 8 (Websocket API backend) allows any as Agent authenticated attacker to track user behaviour and to gain live insight into overall system usage. User IDs can easily be correlated with real names e. g. via\nticket histories by any user. (Fuzzing for garnering other adjacent user/sensitive data). Subscribing to all possible push events could also lead to performance implications on the server side, depending on the size of the installation\nand the number of active users. (Flooding)This issue affects OTRS: from 8.0.X before 8.0.32.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2534 |
CVE-2023-31038 | SQL injection in Log4cxx when using the ODBC appender to send log messages to a database. No fields sent to the database were properly escaped for SQL injection. This has been the case since at least version 0.9.0(released 2003-08-06)\n\n\n\n\nNote that Log4cxx is a C++ framework, so only C++ applications are affected.\n\nBefore version 1.1.0, the ODBC appender was automatically part of Log4cxx if the library was found when compiling the library. As of version 1.1.0, this must be both explicitly enabled in order to be compiled in.\n\n\n\n\nThree preconditions must be met for this vulnerability to be possible:\n\n1. Log4cxx compiled with ODBC support(before version 1.1.0, this was auto-detected at compile time)\n\n2. ODBCAppender enabled for logging messages to, generally done via a config file\n\n3. User input is logged at some point. If your application does not have user input, it is unlikely to be affected.\n\n\n\n\n\nUsers are recommended to upgrade to version 1.1.0 which properly binds the parameters to the SQL statement, or migrate to the new DBAppender class which supports an ODBC connection in addition to other databases. \nNote that this fix does require a configuration file update, as the old configuration files will not configure properly. An example is shown below, and more information may be found in the Log4cxx documentation on the ODBCAppender.\n\n\n\n\n\nExample of old configuration snippet:\n\n<appender name="SqlODBCAppender" class="ODBCAppender">\n\n <param name="sql" value="INSERT INTO logs (message) VALUES ('%m')" />\n\n ... other params here ...\n\n</appender>\n\n\n\n\nThe migrated configuration snippet with new ColumnMapping parameters:\n\n\n<appender name="SqlODBCAppender" class="ODBCAppender">\n\n\n\n\n <param name="sql" value="INSERT INTO logs (message) VALUES (?)" />\n\n <param name="ColumnMapping" value="message"/>\n ... other params here ...\n\n\n</appender>\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31038 |
CVE-2023-31039 | Security vulnerability in Apache bRPC <1.5.0 on all platforms allows attackers to execute arbitrary code via ServerOptions::pid_file.\nAn attacker that can influence the ServerOptions pid_file parameter with which the bRPC server is started can execute arbitrary code with the permissions of the bRPC process.\n\nSolution:\n1. upgrade to bRPC >= 1.5.0, download link: https://dist.apache.org/repos/dist/release/brpc/1.5.0/ https://dist.apache.org/repos/dist/release/brpc/1.5.0/ \n2. If you are using an old version of bRPC and hard to upgrade, you can apply this patch: https://github.com/apache/brpc/pull/2218 https://github.com/apache/brpc/pull/2218 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31039 |
CVE-2023-29247 | Task instance details page in the UI is vulnerable to a stored XSS.This issue affects Apache Airflow: before 2.6.0.\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29247 |
CVE-2022-46799 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46799 |
CVE-2023-23668 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in GiveWP plugin <= 2.25.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23668 |
CVE-2023-25021 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in FareHarbor FareHarbor for WordPress plugin <= 3.6.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25021 |
CVE-2023-25754 | Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25754 |
CVE-2022-45812 | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Martin Lees Exxp plugin <= 2.6.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45812 |
CVE-2023-25052 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Teplitsa Yandex.News Feed by Teplitsa plugin <= 1.12.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25052 |
CVE-2023-25452 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Michael Pretty (prettyboymp) CMS Press plugin <= 0.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25452 |
CVE-2023-28169 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CoreFortress Easy Event calendar plugin <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28169 |
CVE-2023-2573 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the NTP server input field, which can be triggered by authenticated users via a crafted POST request.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2573 |
CVE-2023-2574 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by an command injection vulnerability in the device name input field, which can be triggered by authenticated users via a crafted POST request.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2574 |
CVE-2023-2575 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stack-based Buffer Overflow vulnerability, which can be triggered by authenticated users via a crafted POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2575 |
CVE-2020-18131 | Cross Site Request Forgery (CSRF) vulnerability in Bluethrust Clan Scripts v4 allows attackers to escilate privledges to an arbitrary account via a crafted request to /members/console.php?cID=5. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-18131 |
CVE-2020-18132 | Cross Site Scripting (XSS) vulnerability in MIPCMS 3.6.0 allows attackers to execute arbitrary code via the category name field to categoryEdit. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-18132 |
CVE-2020-18282 | Cross-site scripting (XSS) vulnerability in NoneCms 1.3.0 allows remote attackers to inject arbitrary web script or HTML via feedback feature. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-18282 |
CVE-2020-19660 | Cross Site Scripting (XSS) pandao editor.md 1.5.0 allows attackers to execute arbitrary code via crafted linked url values. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-19660 |
CVE-2020-21038 | Open redirect vulnerability in typecho 1.1-17.10.30-release via the referer parameter to Login.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-21038 |
CVE-2020-22334 | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-22334 |
CVE-2020-22755 | File upload vulnerability in MCMS 5.0 allows attackers to execute arbitrary code via a crafted thumbnail. A different vulnerability than CVE-2022-31943. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-22755 |
CVE-2020-23966 | SQL Injection vulnerability in victor cms 1.0 allows attackers to execute arbitrary commands via the post parameter to /post.php in a crafted GET request. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-23966 |
CVE-2020-36065 | Cross Site Request Forgery (CSRF) vulnerability in FlyCms 1.0 allows attackers to add arbitrary administrator accounts via system/admin/admin_save. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-36065 |
CVE-2021-27280 | OS Command injection vulnerability in mblog 3.5.0 allows attackers to execute arbitrary code via crafted theme when it gets selected. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-27280 |
CVE-2021-28998 | File upload vulnerability in CMS Made Simple through 2.2.15 allows remote authenticated attackers to gain a webshell via a crafted phar file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-28998 |
CVE-2021-28999 | SQL Injection vulnerability in CMS Made Simple through 2.2.15 allows remote attackers to execute arbitrary commands via the m1_sortby parameter to modules/News/function.admin_articlestab.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-28999 |
CVE-2022-4118 | The Bitcoin / AltCoin Payment Gateway for WooCommerce & Multivendor store / shop WordPress plugin through 1.7.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by authenticated users | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4118 |
CVE-2023-0267 | The Ultimate Carousel For WPBakery Page Builder WordPress plugin through 2.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0267 |
CVE-2023-0268 | The Mega Addons For WPBakery Page Builder WordPress plugin before 4.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0268 |
CVE-2023-0280 | The Ultimate Carousel For Elementor WordPress plugin through 2.1.7 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0280 |
CVE-2023-0421 | The Cloud Manager WordPress plugin through 1.0 does not sanitise and escape the query param ricerca before outputting it in an admin panel, allowing unauthenticated attackers to trick a logged in admin to trigger a XSS payload by clicking a link. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0421 |
CVE-2023-0514 | The Membership Database WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0514 |
CVE-2023-0522 | The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0522 |
CVE-2023-0526 | The Post Shortcode WordPress plugin through 2.0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0526 |
CVE-2023-0536 | The Wp-D3 WordPress plugin through 2.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0536 |
CVE-2023-0537 | The Product Slider For WooCommerce Lite WordPress plugin through 1.1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0537 |
CVE-2023-0542 | The Custom Post Type List Shortcode WordPress plugin through 1.4.4 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0542 |
CVE-2023-0544 | The WP Login Box WordPress plugin through 2.0.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0544 |
CVE-2023-0603 | The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0603 |
CVE-2023-0768 | The Avirato hotels online booking engine WordPress plugin through 5.0.5 does not validate and escape some of its shortcode attributes before using them in SQL statement/s, which could allow any authenticated users, such as subscriber to perform SQL Injection attacks. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0768 |
CVE-2023-0894 | The Pickup | Delivery | Dine-in date time WordPress plugin through 1.0.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0894 |
CVE-2023-0948 | The Japanized For WooCommerce WordPress plugin before 2.5.8 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0948 |
CVE-2023-1011 | The AI ChatBot WordPress plugin before 4.4.5 does not escape most of its settings before outputting them back in the dashboard, and does not have a proper CSRF check, allowing attackers to make a logged in admin set XSS payloads in them. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1011 |
CVE-2023-1347 | The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1347 |
CVE-2023-1408 | The Video List Manager WordPress plugin through 1.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1408 |
CVE-2023-1649 | The AI ChatBot WordPress plugin before 4.5.1 does not sanitise and escape numerous of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1649 |
CVE-2023-1650 | The AI ChatBot WordPress plugin before 4.4.7 unserializes user input from cookies via an AJAX action available to unauthenticated users, which could allow them to perform PHP Object Injection when a suitable gadget is present on the blog | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1650 |
CVE-2023-1651 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in the AJAX action responsible to update the OpenAI settings, allowing any authenticated users, such as subscriber to update them. Furthermore, due to the lack of escaping of the settings, this could also lead to Stored XSS | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1651 |
CVE-2023-1660 | The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1660 |
CVE-2023-1806 | The WP Inventory Manager WordPress plugin before 2.1.0.12 does not sanitise and escape the message parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1806 |
CVE-2023-1905 | The WP Popups WordPress plugin before 2.1.5.1 does not properly escape the href attribute of its spu-facebook-page shortcode before outputting it back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. This is due to an insufficient fix of CVE-2023-24003 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1905 |
CVE-2023-2114 | The NEX-Forms WordPress plugin before 8.4 does not properly escape the `table` parameter, which is populated with user input, before concatenating it to an SQL query. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2114 |
CVE-2022-45065 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Squirrly SEO Plugin by Squirrly SEO plugin <= 12.1.20 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-45065 |
CVE-2022-47437 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Branko Borilovic WSB Brands plugin <= 1.1.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47437 |
CVE-2022-47439 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rocket Apps Open Graphite plugin <= 1.6.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47439 |
CVE-2023-22779 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22779 |
CVE-2023-22780 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22780 |
CVE-2023-22781 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22781 |
CVE-2023-22782 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22782 |
CVE-2023-22783 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22783 |
CVE-2023-22784 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22784 |
CVE-2023-22785 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22785 |
CVE-2023-22786 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result in the ability to execute arbitrary code as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22786 |
CVE-2023-22787 | An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22787 |
CVE-2023-22788 | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22788 |
CVE-2023-22789 | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22789 |
CVE-2023-22790 | Multiple authenticated command injection vulnerabilities exist in the Aruba InstantOS and ArubaOS 10 command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22790 |
CVE-2023-22791 | A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22791 |
CVE-2023-24408 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart plugin <= 6.11.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24408 |
CVE-2023-28493 | Auth (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Macho Themes NewsMag theme <= 2.4.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28493 |
CVE-2023-29693 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function set_tftp_upgrad. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29693 |
CVE-2023-29696 | H3C GR-1200W MiniGRW1A0V100R006 was discovered to contain a stack overflow via the function version_set. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29696 |
CVE-2023-30019 | imgproxy <=3.14.0 is vulnerable to Server-Side Request Forgery (SSRF) due to a lack of sanitization of the imageURL parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30019 |
CVE-2023-30092 | SourceCodester Online Pizza Ordering System v1.0 is vulnerable to SQL Injection via the QTY parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30092 |
CVE-2023-30551 | Rekor is an open source software supply chain transparency log. Rekor prior to version 1.1.1 may crash due to out of memory (OOM) conditions caused by reading archive metadata files into memory without checking their sizes first. Verification of a JAR file submitted to Rekor can cause an out of memory crash if files within the META-INF directory of the JAR are sufficiently large. Parsing of an APK file submitted to Rekor can cause an out of memory crash if the .SIGN or .PKGINFO files within the APK are sufficiently large. The OOM crash has been patched in Rekor version 1.1.1. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30551 |
CVE-2023-1979 | The Web Stories for WordPress plugin supports the WordPress built-in functionality of protecting content with a password. The content is then only accessible to website visitors after entering the password. In WordPress, users with the "Author" role can create stories, but don't have the ability to edit password protected stories. The vulnerability allowed users with said role to bypass this permission check when trying to duplicate the protected story in the plugin's own dashboard, giving them access to the seemingly protected content. We recommend upgrading to version 1.32 or beyond commit ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 https://github.com/GoogleForCreators/web-stories-wp/commit/ad49781c2a35c5c92ef704d4b621ab4e5cb77d68 \n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1979 |
CVE-2023-2583 | Code Injection in GitHub repository jsreport/jsreport prior to 3.11.3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2583 |
CVE-2023-30837 | Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30837 |
CVE-2023-30840 | Fluid is an open source Kubernetes-native distributed dataset orchestrator and accelerator for data-intensive applications. Starting in version 0.7.0 and prior to version 0.8.6, if a malicious user gains control of a Kubernetes node running fluid csi pod (controlled by the `csi-nodeplugin-fluid` node-daemonset), they can leverage the fluid-csi service account to modify specs of all the nodes in the cluster. However, since this service account lacks `list node` permissions, the attacker may need to use other techniques to identify vulnerable nodes.\n\nOnce the attacker identifies and modifies the node specs, they can manipulate system-level-privileged components to access all secrets in the cluster or execute pods on other nodes. This allows them to elevate privileges beyond the compromised node and potentially gain full privileged access to the whole cluster.\n\nTo exploit this vulnerability, the attacker can make all other nodes unschedulable (for example, patch node with taints) and wait for system-critical components with high privilege to appear on the compromised node. However, this attack requires two prerequisites: a compromised node and identifying all vulnerable nodes through other means.\n\nVersion 0.8.6 contains a patch for this issue. As a workaround, delete the `csi-nodeplugin-fluid` daemonset in `fluid-system` namespace and avoid using CSI mode to mount FUSE file systems. Alternatively, using sidecar mode to mount FUSE file systems is recommended. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30840 |
CVE-2023-30844 | Mutagen provides real-time file synchronization and flexible network forwarding for developers. Prior to versions 0.16.6 and 0.17.1 in `mutagen` and prior to version 0.17.1 in `mutagen-compose`, Mutagen `list` and `monitor` commands are susceptible to control characters that could be provided by remote endpoints. This could cause terminal corruption, either intentional or unintentional, if these characters were present in error messages or file paths/names. This could be used as an attack vector if synchronizing with an untrusted remote endpoint, synchronizing files not under control of the user, or forwarding to/from an untrusted remote endpoint. On very old systems with terminals susceptible to issues such as CVE-2003-0069, the issue could theoretically cause code execution. The problem has been patched in Mutagen v0.16.6 and v0.17.1. Earlier versions of Mutagen are no longer supported and will not be patched. Versions of Mutagen after v0.18.0 will also have the patch merged. As a workaround, avoiding synchronization of untrusted files or interaction with untrusted remote endpoints should mitigate any risk. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30844 |
CVE-2023-30855 | Pimcore is an open source data and experience management platform. Versions of Pimcore prior to 10.5.18 are vulnerable to path traversal. The impact of this path traversal and arbitrary extension is limited to creation of arbitrary files and appending data to existing files. When combined with the SQL Injection, the exported data `RESTRICTED DIFFUSION 9 / 9` can be controlled and a webshell can be uploaded. Attackers can use that to execute arbitrary PHP code on the server with the permissions of the webserver. Users may upgrade to version 10.5.18 to receive a patch or, as a workaround, apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30855 |
CVE-2023-30860 | WWBN AVideo is an open source video platform. In AVideo prior to version 12.4, a normal user can make a Meeting Schedule where the user can invite another user in that Meeting, but it does not properly sanitize the malicious characters when creating a Meeting Room. This allows attacker to insert malicious scripts. Since any USER including the ADMIN can see the meeting room that was created by the attacker this can lead to cookie hijacking and takeover of any accounts. Version 12.4 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30860 |
CVE-2022-46720 | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 16.2 and iPadOS 16.2, macOS Ventura 13.1. An app may be able to break out of its sandbox | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46720 |
CVE-2023-1031 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `settings` endpoint and first_name parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1031 |
CVE-2023-1094 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/food` endpoint and food parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-1094 |
CVE-2023-23494 | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23494 |
CVE-2023-23523 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23523 |
CVE-2023-23525 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to gain root privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23525 |
CVE-2023-23526 | This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23526 |
CVE-2023-23527 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. A user may gain access to protected parts of the file system | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23527 |
CVE-2023-23528 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23528 |
CVE-2023-23532 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. An app may be able to break out of its sandbox | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23532 |
CVE-2023-23533 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23533 |
CVE-2023-23534 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23534 |
CVE-2023-23535 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23535 |
CVE-2023-23536 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23536 |
CVE-2023-23537 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to read sensitive location information | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23537 |
CVE-2023-23538 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23538 |
CVE-2023-23540 | The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23540 |
CVE-2023-23541 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23541 |
CVE-2023-23542 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23542 |
CVE-2023-23543 | The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A sandboxed app may be able to determine which app is currently using the camera | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23543 |
CVE-2023-27928 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27928 |
CVE-2023-27929 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27929 |
CVE-2023-27931 | This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27931 |
CVE-2023-27932 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. Processing maliciously crafted web content may bypass Same Origin Policy | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27932 |
CVE-2023-27933 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app with root privileges may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27933 |
CVE-2023-27934 | A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27934 |
CVE-2023-27935 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27935 |
CVE-2023-27936 | An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27936 |
CVE-2023-27937 | An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27937 |
CVE-2023-27938 | An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27938 |
CVE-2023-27941 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4. An app may be able to disclose kernel memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27941 |
CVE-2023-27942 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, tvOS 16.4, iOS 16.4 and iPadOS 16.4. An app may be able to access user-sensitive data | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27942 |
CVE-2023-27943 | This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27943 |
CVE-2023-27944 | This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27944 |
CVE-2023-27945 | This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3. A sandboxed app may be able to collect system logs | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27945 |
CVE-2023-27946 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27946 |
CVE-2023-27949 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27949 |
CVE-2023-27951 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27951 |
CVE-2023-27952 | A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27952 |
CVE-2023-27953 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27953 |
CVE-2023-27954 | The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A website may be able to track sensitive user information | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27954 |
CVE-2023-27955 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5, iOS 16.4 and iPadOS 16.4. An app may be able to read arbitrary files | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27955 |
CVE-2023-27956 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted image may result in disclosure of process memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27956 |
CVE-2023-27957 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27957 |
CVE-2023-27958 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27958 |
CVE-2023-27959 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27959 |
CVE-2023-27960 | This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27960 |
CVE-2023-27961 | Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. Importing a maliciously crafted calendar invitation may exfiltrate user information | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27961 |
CVE-2023-27962 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27962 |
CVE-2023-27963 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, watchOS 9.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A shortcut may be able to use sensitive data with certain actions without prompting the user | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27963 |
CVE-2023-27965 | A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27965 |
CVE-2023-27966 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to break out of its sandbox | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27966 |
CVE-2023-27967 | The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27967 |
CVE-2023-27968 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27968 |
CVE-2023-27969 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, watchOS 9.4, tvOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27969 |
CVE-2023-27970 | An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27970 |
CVE-2023-28178 | A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4. An app may be able to bypass Privacy preferences | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28178 |
CVE-2023-28180 | A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28180 |
CVE-2023-28181 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, watchOS 9.4, iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28181 |
CVE-2023-28182 | The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28182 |
CVE-2023-28189 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to view sensitive information | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28189 |
CVE-2023-28190 | A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28190 |
CVE-2023-28192 | A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28192 |
CVE-2023-28194 | The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28194 |
CVE-2023-28200 | A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28200 |
CVE-2023-28201 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, Safari 16.4, iOS 16.4 and iPadOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28201 |
CVE-2023-30787 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/introductions` endpoint and first_met_additional_info parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30787 |
CVE-2023-30788 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people/add` endpoint and nickName, description, lastName, middleName and firstName parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30788 |
CVE-2023-30789 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/work` endpoint and job and company parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30789 |
CVE-2023-30790 | MonicaHQ version 4.0.0 allows an authenticated remote attacker to execute malicious code in the application via CSTI in the `people:id/relationships` endpoint and first_name and last_name parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30790 |
CVE-2023-32233 | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32233 |
CVE-2023-21404 | AXIS OS 11.0.X - 11.3.x use a static RSA key in legacy LUA-components to protect Axis-specific source code. The static RSA key is not used in any other secure communication nor can it be used to compromise the device or any customer data. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21404 |
CVE-2023-24505 | \nMilesight NCR/camera version 71.8.0.6-r5 discloses sensitive information through an unspecified request. \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24505 |
CVE-2023-24506 | \n\n\nMilesight NCR/camera version 71.8.0.6-r5 exposes credentials through an unspecified request. \n\n \n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24506 |
CVE-2023-24507 | \n\n\nAgilePoint NX v8.0 SU2.2 & SU2.3 – Insecure File Upload - Vulnerability allows insecure file upload, by an unspecified request.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24507 |
CVE-2023-2478 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.9.7, all versions starting from 15.10 before 15.10.6, all versions starting from 15.11 before 15.11.2. Under certain conditions, a malicious unauthorized GitLab user may use a GraphQL endpoint to attach a malicious runner to any project. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2478 |
CVE-2023-2513 | A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2513 |
CVE-2023-2582 | A prototype pollution vulnerability exists in Strikingly CMS which can result in reflected cross-site scripting (XSS) in affected applications and sites built with Strikingly. The vulnerability exists because of Strikingly JavaScript library parsing the URL fragment allows access to the __proto__ or constructor properties and the Object prototype. By leveraging an embedded gadget like jQuery, an attacker who convinces a victim to visit a specially crafted link could achieve arbitrary javascript execution in the context of the user's browser. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2582 |
CVE-2023-30334 | AsmBB v2.9.1 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities via the MiniMag.asm and bbcode.asm libraries. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30334 |
CVE-2023-31123 | `effectindex/tripreporter` is a community-powered, universal platform for submitting and analyzing trip reports. Prior to commit bd80ba833b9023d39ca22e29874296c8729dd53b, any user with an account on an instance of `effectindex/tripreporter`, e.g. `subjective.report`, may be affected by an improper password verification vulnerability. The vulnerability allows any user with a password matching the password requirements to log in as any user. This allows access to accounts / data loss of the user. This issue is patched in commit bd80ba833b9023d39ca22e29874296c8729dd53b. No action necessary for users of `subjective.report`, and anyone running their own instance should update to this commit or newer as soon as possible. As a workaround, someone running their own instance may apply the patch manually. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31123 |
CVE-2023-31125 | Engine.IO is the implementation of transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. An uncaught exception vulnerability was introduced in version 5.1.0 and included in version 4.1.0 of the `socket.io` parent package. Older versions are not impacted. A specially crafted HTTP request can trigger an uncaught exception on the Engine.IO server, thus killing the Node.js process. This impacts all the users of the `engine.io` package, including those who use depending packages like `socket.io`. This issue was fixed in version 6.4.2 of Engine.IO. There is no known workaround except upgrading to a safe version.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31125 |
CVE-2023-31127 | libspdm is a sample implementation that follows the DMTF SPDM specifications. A vulnerability has been identified in SPDM session establishment in libspdm prior to version 2.3.1. If a device supports both DHE session and PSK session with mutual\nauthentication, the attacker may be able to establish the session with `KEY_EXCHANGE` and `PSK_FINISH` to bypass the mutual authentication. This is most likely to happen when the Requester begins a session using one method (DHE, for example) and then uses the other method's finish (PSK_FINISH in this example) to establish the session. The session hashes would be expected to fail in this case, but the condition was not detected.\n\nThis issue only impacts the SPDM responder, which supports `KEY_EX_CAP=1 and `PSK_CAP=10b` at same time with mutual authentication requirement. The SPDM requester is not impacted. The SPDM responder is not impacted if `KEY_EX_CAP=0` or `PSK_CAP=0` or `PSK_CAP=01b`. The SPDM responder is not impacted if mutual authentication is not required.\n\nlibspdm 1.0, 2.0, 2.1, 2.2, 2.3 are all impacted. Older branches are not maintained, but users of the 2.3 branch may receive a patch in version 2.3.2. The SPDM specification (DSP0274) does not contain this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31127 |
CVE-2023-31129 | The Contiki-NG operating system versions 4.8 and prior can be triggered to dereference a NULL pointer in the message handling code for IPv6 router solicitiations. Contiki-NG contains an implementation of IPv6 Neighbor Discovery (ND) in the module `os/net/ipv6/uip-nd6.c`. The ND protocol includes a message type called Router Solicitation (RS), which is used to locate routers and update their address information via the SLLAO (Source Link-Layer Address Option). If the indicated source address changes, a given neighbor entry is set to the STALE state.\n\nThe message handler does not check for RS messages with an SLLAO that indicates a link-layer address change that a neighbor entry can actually be created for the indicated address. The resulting pointer is used without a check, leading to the dereference of a NULL pointer of type `uip_ds6_nbr_t`.\n\nThe problem has been patched in the `develop` branch of Contiki-NG, and will be included in the upcoming 4.9 release. As a workaround, users can apply Contiki-NG pull request #2271 to patch the problem directly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31129 |
CVE-2023-31133 | Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack.\n\nGhost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31133 |
CVE-2023-31140 | OpenProject is open source project management software. Starting with version 7.4.0 and prior to version 12.5.4, when a user registers and confirms their first two-factor authentication (2FA) device for an account, existing logged in sessions for that user account are not terminated. Likewise, if an administrators creates a mobile phone 2FA device on behalf of a user, their existing sessions are not terminated. The issue has been resolved in OpenProject version 12.5.4 by actively terminating sessions of user accounts having registered and confirmed a 2FA device. As a workaround, users who register the first 2FA device on their account can manually log out to terminate all other active sessions. This is the default behavior of OpenProject but might be disabled through a configuration option. Double check that this option is not overridden if one plans to employ the workaround. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31140 |
CVE-2023-31141 | OpenSearch is open-source software suite for search, analytics, and observability applications. Prior to versions 1.3.10 and 2.7.0, there is an issue with the implementation of fine-grained access control rules (document-level security, field-level security and field masking) where they are not correctly applied to the queries during extremely rare race conditions potentially leading to incorrect access authorization. For this issue to be triggered, two concurrent requests need to land on the same instance exactly when query cache eviction happens, once every four hours. OpenSearch 1.3.10 and 2.7.0 contain a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31141 |
CVE-2023-31178 | AgilePoint NX v8.0 SU2.2 & SU2.3 – Arbitrary File Delete Vulnerability allows arbitrary file deletion, by an unspecified request.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31178 |
CVE-2023-31179 | AgilePoint NX v8.0 SU2.2 & SU2.3 - Path traversal - Vulnerability allows path traversal and downloading files from the server, by an unspecified request.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31179 |
CVE-2023-31180 | \nWJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - Reflected cross-site scripting (RXSS) through an unspecified request.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31180 |
CVE-2023-31181 | \nWJJ Software - InnoKB Server, InnoKB/Console 2.2.1 - CWE-22: Path Traversal\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31181 |
CVE-2023-31182 | \n EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31182 |
CVE-2023-31183 | \n Cybonet PineApp Mail Secure A reflected cross-site scripting (XSS) vulnerability was identified in the product, using an unspecified endpoint.\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31183 |
CVE-2023-23894 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Surbma Surbma | GDPR Proof Cookie Consent & Notice Bar plugin <= 17.5.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23894 |
CVE-2023-24376 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nico Graff WP Simple Events plugin <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24376 |
CVE-2023-22710 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in chilidevs Return and Warranty Management System for WooCommerce plugin <= 1.2.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22710 |
CVE-2023-22813 | A device API endpoint was missing access controls on Western Digital My Cloud OS 5 Mobile App on Android, iOS, Western Digital My Cloud Home Mobile App on iOS, Android, SanDIsk ibi Mobile App on Android, iOS, Western Digital WD Cloud Mobile App on Android, iOS, Western Digital My Cloud OS 5 Web App, Western Digital My Cloud Home Web App, SanDisk ibi Web App and the Western Digital WD Web App. Due to a permissive CORS policy and missing authentication requirement for private IPs, a remote attacker on the same network as the device could obtain device information by convincing a victim user to visit an attacker-controlled server and issue a cross-site request.This issue affects My Cloud OS 5 Mobile App: through 4.21.0; My Cloud Home Mobile App: through 4.21.0; ibi Mobile App: through 4.21.0; WD Cloud Mobile App: through 4.21.0; My Cloud OS 5 Web App: through 4.26.0-6126; My Cloud Home Web App: through 4.26.0-6126; ibi Web App: through 4.26.0-6126; WD Web App: through 4.26.0-6126.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22813 |
CVE-2023-28762 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28762 |
CVE-2023-28764 | SAP BusinessObjects Platform - versions 420, 430, Information design tool transmits sensitive information as cleartext in the binaries over the network. This could allow an unauthenticated attacker with deep knowledge to gain sensitive information such as user credentials and domain names, which may have a low impact on confidentiality and no impact on the integrity and availability of the system.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28764 |
CVE-2023-29188 | SAP CRM WebClient UI - versions SAPSCORE 129, S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. After successful exploitation, an attacker with user level access can read and modify some sensitive information but cannot delete the data.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29188 |
CVE-2021-31239 | An issue found in SQLite SQLite3 v.3.35.4 that allows a remote attacker to cause a denial of service via the appendvfs.c function. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-31239 |
CVE-2022-38685 | In bluetooth service, there is a possible missing permission check. This could lead to local denial of service in bluetooth service with no additional execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-38685 |
CVE-2022-39089 | In mlog service, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-39089 |
CVE-2022-44419 | In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44419 |
CVE-2022-44420 | In modem, there is a possible missing verification of HashMME value in Security Mode Command. This could local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44420 |
CVE-2022-44433 | In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-44433 |
CVE-2022-47334 | In phasecheck server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47334 |
CVE-2022-47340 | In h265 codec firmware, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47340 |
CVE-2022-47469 | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47469 |
CVE-2022-47470 | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47470 |
CVE-2022-47485 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47485 |
CVE-2022-47486 | In ext4fsfilter driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47486 |
CVE-2022-47487 | In thermal service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47487 |
CVE-2022-47488 | In spipe drive, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47488 |
CVE-2022-47489 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47489 |
CVE-2022-47490 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47490 |
CVE-2022-47491 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47491 |
CVE-2022-47492 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47492 |
CVE-2022-47493 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47493 |
CVE-2022-47494 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47494 |
CVE-2022-47495 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47495 |
CVE-2022-47496 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47496 |
CVE-2022-47497 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47497 |
CVE-2022-47498 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47498 |
CVE-2022-47499 | In soter service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47499 |
CVE-2022-48231 | In soter service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48231 |
CVE-2022-48232 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48232 |
CVE-2022-48233 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48233 |
CVE-2022-48234 | In FM service , there is a possible missing params check. This could lead to local denial of service in FM service . | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48234 |
CVE-2022-48235 | In MP3 encoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48235 |
CVE-2022-48236 | In MP3 encoder, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48236 |
CVE-2022-48237 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48237 |
CVE-2022-48238 | In Image filter, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48238 |
CVE-2022-48239 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48239 |
CVE-2022-48240 | In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48240 |
CVE-2022-48241 | In telephony service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48241 |
CVE-2022-48242 | In telephony service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48242 |
CVE-2022-48243 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48243 |
CVE-2022-48244 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48244 |
CVE-2022-48245 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48245 |
CVE-2022-48246 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48246 |
CVE-2022-48247 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48247 |
CVE-2022-48248 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48248 |
CVE-2022-48249 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48249 |
CVE-2022-48250 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48250 |
CVE-2022-48368 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48368 |
CVE-2022-48369 | In audio service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48369 |
CVE-2022-48370 | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48370 |
CVE-2022-48371 | In dialer service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48371 |
CVE-2022-48372 | In bootcp service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48372 |
CVE-2022-48373 | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48373 |
CVE-2022-48374 | In tee service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48374 |
CVE-2022-48375 | In contacts service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48375 |
CVE-2022-48376 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48376 |
CVE-2022-48377 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48377 |
CVE-2022-48378 | In engineermode service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48378 |
CVE-2022-48379 | In dialer service, there is a possible missing permission check. This could lead to local denial of service with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48379 |
CVE-2022-48380 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48380 |
CVE-2022-48381 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48381 |
CVE-2022-48382 | In log service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48382 |
CVE-2022-48383 | .In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48383 |
CVE-2022-48384 | In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48384 |
CVE-2022-48385 | In cp_dump driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48385 |
CVE-2022-48386 | the apipe driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48386 |
CVE-2022-48387 | the apipe driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48387 |
CVE-2022-48388 | In powerEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48388 |
CVE-2022-48389 | In modem control device, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48389 |
CVE-2023-29092 | An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29092 |
CVE-2023-30740 | SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access sensitive information which is otherwise restricted. On successful exploitation, there could be a high impact on confidentiality, limited impact on integrity and availability of the application.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30740 |
CVE-2023-30741 | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30741 |
CVE-2023-30742 | SAP CRM (WebClient UI) - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, WEBCUIF 700, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability.An attacker could store a malicious URL and lure the victim to click, causing the script supplied by the attacker to execute in the victim user's session. The information from the victim's session could then be modified or read by the attacker.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30742 |
CVE-2023-30743 | Due to improper neutralization of input in SAPUI5 - versions SAP_UI 750, SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, UI_700 200, sap.m.FormattedText SAPUI5 control allows injection of untrusted CSS. This blocks user’s interaction with the application. Further, in the absence of URL validation by the application, the vulnerability could lead to the attacker reading or modifying user’s information through phishing attack.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30743 |
CVE-2023-30744 | In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30744 |
CVE-2023-31404 | Under certain conditions, SAP BusinessObjects Business Intelligence Platform (Central Management Service) - versions 420, 430, allows an attacker to access information which would otherwise be restricted. Some users with specific privileges could have access to credentials of other users. It could let them access data sources which would otherwise be restricted.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31404 |
CVE-2023-31406 | Due to insufficient input validation, SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an unauthenticated attacker to redirect users to untrusted site using a malicious link. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality and integrity of the application.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31406 |
CVE-2023-31407 | SAP Business Planning and Consolidation - versions 740, 750, allows an authorized attacker to upload a malicious file, resulting in Cross-Site Scripting vulnerability. After successful exploitation, an attacker can cause limited impact on confidentiality and integrity of the application.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31407 |
CVE-2023-32111 | In SAP PowerDesigner (Proxy) - version 16.7, an attacker can send a crafted request from a remote host to the proxy machine and crash the proxy server, due to faulty implementation of memory management causing a memory corruption. This leads to a high impact on availability of the application.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32111 |
CVE-2023-32112 | Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32112 |
CVE-2023-32113 | SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32113 |
CVE-2021-44283 | A buffer overflow in the component /Enclave.cpp of Electronics and Telecommunications Research Institute ShieldStore commit 58d455617f99705f0ffd8a27616abdf77bdc1bdc allows attackers to cause an information leak via a crafted structure from an untrusted operating system. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-44283 |
CVE-2022-4537 | The Hide My WP Ghost – Security Plugin plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 5.0.18. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4537 |
CVE-2023-30237 | CyberGhostVPN Windows Client before v8.3.10.10015 was discovered to contain a DLL injection vulnerability via the component Dashboard.exe. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30237 |
CVE-2023-2590 | Missing Authorization in GitHub repository answerdev/answer prior to 1.0.9. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2590 |
CVE-2023-23863 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Black and White Digital Ltd TreePress – Easy Family Trees & Ancestor Profiles plugin <= 2.0.22 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23863 |
CVE-2022-41640 | Auth. (subscriber+) Stored Cross-Site Scripting (XSS) vulnerability in Rymera Web Co Wholesale Suite plugin <= 2.1.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-41640 |
CVE-2023-23664 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ConvertBox ConvertBox Auto Embed WordPress plugin <= 1.0.19 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23664 |
CVE-2023-23793 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Eightweb Interactive Read More Without Refresh plugin <= 3.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23793 |
CVE-2023-2591 | Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.7. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2591 |
CVE-2023-23732 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Disqus Conditional Load plugin <= 11.0.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23732 |
CVE-2023-23733 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joel James Lazy Social Comments plugin <= 2.0.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23733 |
CVE-2023-23734 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Voswinkel Userlike – WordPress Live Chat plugin <= 2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23734 |
CVE-2023-23862 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical scroll recent post plugin <= 14.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23862 |
CVE-2023-23883 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David Gwyer WP Content Filter plugin <= 3.0.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23883 |
CVE-2023-23884 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Kanban for WordPress Kanban Boards for WordPress plugin <= 2.5.20 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23884 |
CVE-2023-24372 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in USB Memory Direct Simple Custom Author Profiles plugin <= 1.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24372 |
CVE-2022-46822 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in JC Development Team WooCommerce JazzCash Gateway Plugin plugin <= 2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46822 |
CVE-2022-46844 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46844 |
CVE-2022-46858 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Amin A.Rezapour Product Specifications for Woocommerce plugin <= 0.6.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46858 |
CVE-2022-46864 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Umair Saleem Woocommerce Custom Checkout Fields Editor With Drag & Drop plugin <= 0.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46864 |
CVE-2023-23647 | Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in Sk. Abul Hasan Team Member – Team with Slider plugin <= 4.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23647 |
CVE-2023-2594 | A vulnerability, which was classified as critical, was found in SourceCodester Food Ordering Management System 1.0. Affected is an unknown function of the component Registration. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228396. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2594 |
CVE-2023-2595 | A vulnerability has been found in SourceCodester Billing Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file ajax_service.php of the component POST Parameter Handler. The manipulation of the argument drop_services leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228397 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2595 |
CVE-2023-2596 | A vulnerability was found in SourceCodester Online Reviewer System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /reviewer/system/system/admins/manage/users/user-update.php of the component GET Parameter Handler. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-228398 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2596 |
CVE-2023-31126 | `org.xwiki.commons:xwiki-commons-xml` is an XML library used by the open-source wiki platform XWiki. The HTML sanitizer, introduced in version 14.6-rc-1, allows the injection of arbitrary HTML code and thus cross-site scripting via invalid data attributes. This vulnerability does not affect restricted cleaning in HTMLCleaner as there attributes are cleaned and thus characters like `/` and `>` are removed in all attribute names. This problem has been patched in XWiki 14.10.4 and 15.0 RC1 by making sure that data attributes only contain allowed characters. There are no known workarounds apart from upgrading to a version including the fix. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31126 |
CVE-2023-31972 | yasm v1.3.0 was discovered to contain a use after free via the function pp_getline at /nasm/nasm-pp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31972 |
CVE-2023-31974 | yasm v1.3.0 was discovered to contain a use after free via the function error at /nasm/nasm-pp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31974 |
CVE-2023-31975 | yasm v1.3.0 was discovered to contain a memory leak via the function yasm_intnum_copy at /libyasm/intnum.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31975 |
CVE-2023-29460 | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow potentially resulting in a complete loss of confidentiality, integrity, and availability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29460 |
CVE-2023-29461 | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially resulting in a complete loss of confidentiality, integrity, and availability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29461 |
CVE-2023-29462 | An arbitrary code execution vulnerability contained in Rockwell Automation's Arena Simulation software was reported that could potentially allow a malicious user to commit unauthorized arbitrary code to the software by using a memory buffer overflow in the heap. \n\n potentially resulting in a complete loss of confidentiality, integrity, and availability.\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-29462 |
CVE-2023-31134 | Tauri is software for building applications for multi-platform deployment. The Tauri IPC is usually strictly isolated from external websites, but in versions 1.0.0 until 1.0.9, 1.1.0 until 1.1.4, and 1.2.0 until 1.2.5, the isolation can be bypassed by redirecting an existing Tauri window to an external website. This is either possible by an application implementing a feature for users to visit\narbitrary websites or due to a bug allowing the open redirect. This allows the external website access to the IPC layer and therefore to all configured and exposed Tauri API endpoints and application specific implemented Tauri commands. This issue has been patched in versions 1.0.9, 1.1.4, and 1.2.5. As a workaround, prevent arbitrary input in redirect features and/or only allow trusted websites access to the IPC. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31134 |
CVE-2023-31136 | PostgresNIO is a Swift client for PostgreSQL. Any user of PostgresNIO prior to version 1.14.2 connecting to servers with TLS enabled is vulnerable to a man-in-the-middle attacker injecting false responses to the client's first few queries, despite the use of TLS certificate verification and encryption. The vulnerability is addressed in PostgresNIO versions starting from 1.14.2. There are no known workarounds for unpatched users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31136 |
CVE-2023-31137 | MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program termination.\n\nThe vulnerability exists in the `decomp_get_rddata` function within the `Decompress.c` file. When handling a DNS packet with an Answer RR of qtype 16 (TXT record) and any qclass, if the `rdlength` is smaller than `rdata`, the result of the line `Decompress.c:886` is a negative number `len = rdlength - total;`. This value is then passed to the `decomp_append_bytes` function without proper validation, causing the program to attempt to allocate a massive chunk of memory that is impossible to allocate. Consequently, the program exits with an error code of 64, causing a Denial of Service.\n\nOne proposed fix for this vulnerability is to patch `Decompress.c:887` by breaking `if(len <= 0)`, which has been incorporated in version 3.5.0036 via commit bab062bde40b2ae8a91eecd522e84d8b993bab58. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31137 |
CVE-2023-31973 | yasm v1.3.0 was discovered to contain a use after free via the function expand_mmac_params at /nasm/nasm-pp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31973 |
CVE-2023-31976 | libming v0.4.8 was discovered to contain a stack buffer overflow via the function makeswf_preprocess at /util/makeswf_utils.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31976 |
CVE-2023-31979 | Catdoc v0.95 was discovered to contain a global buffer overflow via the function process_file at /src/reader.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31979 |
CVE-2023-31981 | Sngrep v1.6.0 was discovered to contain a stack buffer overflow via the function packet_set_payload at /src/packet.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31981 |
CVE-2023-31982 | Sngrep v1.6.0 was discovered to contain a heap buffer overflow via the function capture_packet_reasm_ip at /src/capture.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31982 |
CVE-2023-31138 | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.36 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, using object model traversal in the payload of a PATCH request, authenticated users with write access to an object may be able to modify related objects that they should not have access to. DHIS2 implementers should upgrade to a supported version of DHIS2 to receive a patch: 2.37.9.1, 2.38.3.1, or 2.39.1.2. It is possible to work around this issue by blocking all PATCH requests on a reverse proxy, but this may cause some issues with the functionality of built-in applications using legacy PATCH requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31138 |
CVE-2023-31139 | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.37 branch and prior to versions 2.37.9.1, 2.38.3.1, and 2.39.1.2, Personal Access Tokens (PATs) generate unrestricted session cookies. This may lead to a bypass of other access restrictions (for example, based on allowed IP addresses or HTTP methods). DHIS2 implementers should upgrade to a supported version of DHIS2: 2.37.9.1, 2.38.3.1, or 2.39.1.2. Implementers can work around this issue by adding extra access control validations on a reverse proxy. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31139 |
CVE-2023-31143 | mage-ai is an open-source data pipeline tool for transforming and integrating data. Those who use Mage starting in version 0.8.34 and prior to 0.8.72 with user authentication enabled may be affected by a vulnerability. The terminal could be accessed by users who are not signed in or do not have editor permissions. Version 0.8.72 contains a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31143 |
CVE-2023-32060 | DHIS2 Core contains the service layer and Web API for DHIS2, an information system for data capture. Starting in the 2.35 branch and prior to versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0, when the Category Option Combination Sharing settings are configured to control access to specific tracker program events or program stages, the `/trackedEntityInstances` and `/events` API endpoints may include all events regardless of the sharing settings applied to the category option combinations. When this specific configuration is present, users may have access to events which they should not be able to see based on the sharing settings of the category options. The events will not appear in the user interface for web-based Tracker Capture or Capture applications, but if the Android Capture App is used they will be displayed to the user. Versions 2.36.13, 2.37.8, 2.38.2, and 2.39.0 contain a fix for this issue. No workaround is known. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32060 |
CVE-2020-18280 | Cross Site Scripting vulnerability found in Phodal CMD v.1.0 allows a local attacker to execute arbitrary code via the EMBED SRC function. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-18280 |
CVE-2020-23362 | Insecure Permissons vulnerability found in Shop_CMS YerShop all versions allows a remote attacker to escalate privileges via the cover_id parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-23362 |
CVE-2020-23363 | Cross Site Request Forgery (CSRF) vulnerability found in Verytops Verydows all versions that allows an attacker to execute arbitrary code via a crafted script. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-23363 |
CVE-2021-31240 | An issue found in libming v.0.4.8 allows a local attacker to execute arbitrary code via the parseSWF_IMPORTASSETS function in the parser.c file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-31240 |
CVE-2021-31711 | Cross Site Scripting vulnerability found in Trippo ResponsiveFilemanager v.9.14.0 and before allows a remote attacker to execute arbitrary code via the sort_by parameter in the dialog.php file. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-31711 |
CVE-2023-30083 | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the newVar_N in util/decompile.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30083 |
CVE-2023-30084 | An issue found in libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the stackVal function in util/decompile.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30084 |
CVE-2023-30085 | Buffer Overflow vulnerability found in Libming swftophp v.0.4.8 allows a local attacker to cause a denial of service via the cws2fws function in util/decompile.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30085 |
CVE-2023-30086 | Buffer Overflow vulnerability found in Libtiff V.4.0.7 allows a local attacker to cause a denial of service via the tiffcp function in tiffcp.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30086 |
CVE-2023-30087 | Buffer Overflow vulnerability found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_mk_string function in mjs.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30087 |
CVE-2023-30088 | An issue found in Cesanta MJS v.1.26 allows a local attacker to cause a denial of service via the mjs_execute function in mjs.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30088 |
CVE-2023-31144 | Craft CMS is a content management system. Starting in version 3.0.0 and prior to versions 3.8.4 and 4.4.4, a malformed title in the feed widget can deliver a cross-site scripting payload. This issue is fixed in version 3.8.4 and 4.4.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31144 |
CVE-2023-31476 | An issue was discovered on GL.iNet devices running firmware before 3.216. There is an arbitrary file write in which an empty file can be created almost anywhere on the filesystem, as long as the filename and path is no more than 6 characters (the working directory is /www). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31476 |
CVE-2023-31489 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_capability_llgr() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31489 |
CVE-2023-31490 | An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31490 |
CVE-2023-31799 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the system annnouncements parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31799 |
CVE-2023-31800 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31800 |
CVE-2023-31801 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31801 |
CVE-2023-31802 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31802 |
CVE-2023-31803 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31803 |
CVE-2023-31804 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the course category parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31804 |
CVE-2023-31805 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local authenticated attacker to execute arbitrary code via the homepage function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31805 |
CVE-2023-31806 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the My Progress function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31806 |
CVE-2023-31807 | Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31807 |
CVE-2023-32066 | Time Tracker is an open source time tracking system. The week view plugin in Time Tracker versions 1.22.11.5782 and prior was not escaping titles for notes in week view table. Because of that, it was possible for a logged in user to enter notes with elements of JavaScript. Such script could then be executed in user browser on subsequent requests to week view. This issue is fixed in version 1.22.12.5783. As a workaround, use `htmlspecialchars` when calling `$field->setTitle` on line #245 in the `week.php` file, as happens in version 1.22.12.5783. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32066 |
CVE-2023-32069 | XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32069 |
CVE-2023-32071 | XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it's possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32071 |
CVE-2023-20046 | A vulnerability in the key-based SSH authentication feature of Cisco StarOS Software could allow an authenticated, remote attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied credentials. An attacker could exploit this vulnerability by sending a valid low-privileged SSH key to an affected device from a host that has an IP address that is configured as the source for a high-privileged user account. A successful exploit could allow the attacker to log in to the affected device through SSH as a high-privileged user.\r\n\r There are workarounds that address this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20046 |
CVE-2023-20098 | A vulnerability in the CLI of Cisco SDWAN vManage Software could allow an authenticated, local attacker to delete arbitrary files.\r\n\r This vulnerability is due to improper filtering of directory traversal character sequences within system commands. An attacker with administrative privileges could exploit this vulnerability by running a system command containing directory traversal character sequences to target an arbitrary file. A successful exploit could allow the attacker to delete arbitrary files from the system, including files owned by root. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20098 |
CVE-2023-2609 | NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2609 |
CVE-2023-31472 | An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31472 |
CVE-2023-31474 | An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to inject arbitrary parameters in a request to cause opkg to obtain a list of files in a specific directory, by using the regex feature in a package name. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31474 |
CVE-2021-26354 | Insufficient bounds checking in ASP may allow an\nattacker to issue a system call from a compromised ABL which may cause\narbitrary memory values to be initialized to zero, potentially leading to a\nloss of integrity.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26354 |
CVE-2021-26356 | A TOCTOU in ASP bootloader may allow an attacker\nto tamper with the SPI ROM following data read to memory potentially resulting\nin S3 data corruption and information disclosure.\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26356 |
CVE-2021-26365 | Certain size values in firmware binary headers\ncould trigger out of bounds reads during signature validation, leading to\ndenial of service or potentially limited leakage of information about\nout-of-bounds memory contents.\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26365 |
CVE-2021-26371 | A compromised or malicious ABL or UApp could\nsend a SHA256 system call to the bootloader, which may result in exposure of\nASP memory to userspace, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26371 |
CVE-2021-26379 | Insufficient input validation of mailbox data in the\nSMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially\nleading to a loss of integrity and privilege escalation.\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26379 |
CVE-2021-26397 | Insufficient address validation, may allow an\nattacker with a compromised ABL and UApp to corrupt sensitive memory locations\npotentially resulting in a loss of integrity or availability.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26397 |
CVE-2021-26406 | Insufficient validation in parsing Owner's\nCertificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization)\nand SEV-ES user application can lead to a host crash potentially resulting in\ndenial of service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-26406 |
CVE-2021-46749 | Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46749 |
CVE-2021-46753 | Failure to validate the length fields of the ASP\n(AMD Secure Processor) sensor fusion hub headers may allow an attacker with a\nmalicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite\ndata structures leading to a potential loss of confidentiality and integrity.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46753 |
CVE-2021-46762 | Insufficient input validation in the SMU may\nallow an attacker to corrupt SMU SRAM potentially leading to a loss of\nintegrity or denial of service.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46762 |
CVE-2021-46763 | Insufficient input validation in the SMU may\nenable a privileged attacker to write beyond the intended bounds of a shared\nmemory buffer potentially leading to a loss of integrity.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46763 |
CVE-2021-46764 | Improper validation of DRAM addresses in SMU may\nallow an attacker to overwrite sensitive memory locations within the ASP\npotentially resulting in a denial of service.\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46764 |
CVE-2021-46769 | Insufficient syscall input validation in the ASP\nBootloader may allow a privileged attacker to execute arbitrary DMA copies,\nwhich can lead to code execution. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46769 |
CVE-2021-46775 | Improper input validation in ABL may enable an\nattacker with physical access, to perform arbitrary memory overwrites,\npotentially leading to a loss of integrity and code execution.\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46775 |
CVE-2022-23818 | Insufficient input validation on the model\nspecific register: VM_HSAVE_PA may potentially lead to loss of SEV-SNP guest\nmemory integrity.\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2022-23818 |
CVE-2023-20520 | Improper access control settings in ASP\nBootloader may allow an attacker to corrupt the return address causing a\nstack-based buffer overrun potentially leading to arbitrary code execution.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20520 |
CVE-2023-20524 | An attacker with a compromised ASP could\npossibly send malformed commands to an ASP on another CPU, resulting in an out\nof bounds write, potentially leading to a loss a loss of integrity.\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20524 |
CVE-2021-46754 | Insufficient input validation in the ASP (AMD\nSecure Processor) bootloader may allow an attacker with a compromised Uapp or\nABL to coerce the bootloader into exposing sensitive information to the SMU\n(System Management Unit) resulting in a potential loss of confidentiality and\nintegrity.\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46754 |
CVE-2021-46755 | Failure to unmap certain SysHub mappings in\nerror paths of the ASP (AMD Secure Processor) bootloader may allow an attacker\nwith a malicious bootloader to exhaust the SysHub resources resulting in a\npotential denial of service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46755 |
CVE-2021-46756 | Insufficient validation of inputs in\nSVC_MAP_USER_STACK in the ASP (AMD Secure Processor) bootloader may allow an\nattacker with a malicious Uapp or ABL to send malformed or invalid syscall to\nthe bootloader resulting in a potential denial of service and loss of\nintegrity.\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46756 |
CVE-2021-46759 | Improper syscall input validation in AMD TEE\n(Trusted Execution Environment) may allow an attacker with physical access and\ncontrol of a Uapp that runs under the bootloader to reveal the contents of the\nASP (AMD Secure Processor) bootloader accessible memory to a serial port,\nresulting in a potential loss of integrity.\n\n\n\n\n\n\n\n\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46759 |
CVE-2021-46760 | A malicious or compromised UApp or ABL can send\na malformed system call to the bootloader, which may result in an out-of-bounds\nmemory access that may potentially lead to an attacker leaking sensitive\ninformation or achieving code execution.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46760 |
CVE-2021-46765 | Insufficient input validation in ASP may allow\nan attacker with a compromised SMM to induce out-of-bounds memory reads within\nthe ASP, potentially leading to a denial of service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46765 |
CVE-2021-46773 | Insufficient input validation in ABL may enable\na privileged attacker to corrupt ASP memory, potentially resulting in a loss of\nintegrity or code execution.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46773 |
CVE-2021-46792 | Time-of-check Time-of-use (TOCTOU) in the\nBIOS2PSP command may allow an attacker with a malicious BIOS to create a race\ncondition causing the ASP bootloader to perform out-of-bounds SRAM reads upon\nan S3 resume event potentially leading to a denial of service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46792 |
CVE-2021-46794 | Insufficient bounds checking in ASP (AMD Secure\nProcessor) may allow for an out of bounds read in SMI (System Management\nInterface) mailbox checksum calculation triggering a data abort, resulting in a\npotential denial of service.\n\n\n\n\n | – | https://nvd.nist.gov/vuln/detail/CVE-2021-46794 |
CVE-2023-30056 | A session takeover vulnerability exists in FICO Origination Manager Decision Module 4.8.1 due to insufficient protection of the JSESSIONID cookie. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30056 |
CVE-2023-30057 | Multiple stored cross-site scripting (XSS) vulnerabilities in FICO Origination Manager Decision Module 4.8.1 allow attackers to execute arbitrary web scripts or HTML via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30057 |
CVE-2023-28125 | An improper authentication vulnerability exists in Avalanche Premise versions 6.3.x and below that could allow an attacker to gain access to the server by registering to receive messages from the server and perform an authentication bypass. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28125 |
CVE-2023-28126 | An authentication bypass vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to gain access by exploiting the SetUser method or can exploit the Race Condition in the authentication message. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28126 |
CVE-2023-28127 | A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28127 |
CVE-2023-28128 | An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28128 |
CVE-2023-28316 | A security vulnerability has been discovered in the implementation of 2FA on the rocket.chat platform, where other active sessions are not invalidated upon activating 2FA. This could potentially allow an attacker to maintain access to a compromised account even after 2FA is enabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28316 |
CVE-2023-28317 | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28317 |
CVE-2023-28318 | A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28318 |
CVE-2023-2156 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2156 |
CVE-2023-2610 | Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2610 |
CVE-2023-31478 | An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31478 |