Security Bulletin 19 July 2023

Published on 19 Jul 2023 | Updated on 19 Jul 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:

Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2023-29130A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of improper access controls in the configuration files that leads to privilege escalation. An attacker could gain admin access with this vulnerability leading to complete device control.10https://nvd.nist.gov/vuln/detail/CVE-2023-29130
CVE-2023-29131A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.5). Affected device consists of an incorrect default value in the SSH configuration. This could allow an attacker to bypass network isolation.10https://nvd.nist.gov/vuln/detail/CVE-2023-29131
CVE-2023-1547Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection.This issue affects Parkmatik: before 02.01-a51.\n\n10https://nvd.nist.gov/vuln/detail/CVE-2023-1547
CVE-2021-42001PingID Desktop prior to 1.7.3 has a misconfiguration in the encryption libraries which can lead to sensitive data exposure. An attacker capable of exploiting this vulnerability may be able to successfully complete an MFA challenge via OTP.9.9https://nvd.nist.gov/vuln/detail/CVE-2021-42001
CVE-2023-36460Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 3.5.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, attackers using carefully crafted media files can cause Mastodon's media processing code to create arbitrary files at any location. This allows attackers to create and overwrite any file Mastodon has access to, allowing Denial of Service and arbitrary Remote Code Execution. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-36460
CVE-2023-3342The User Registration plugin for WordPress is vulnerable to arbitrary file uploads due to a hardcoded encryption key and missing file type validation on the 'ur_upload_profile_pic' function in versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with subscriber-level capabilities or above to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in version 3.0.2 and fully patched in version 3.0.2.1.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-3342
CVE-2019-1937A vulnerability in the web-based management interface of Cisco Integrated Management Controller (IMC) Supervisor, Cisco UCS Director, and Cisco UCS Director Express for Big Data could allow an unauthenticated, remote attacker to acquire a valid session token with administrator privileges, bypassing user authentication. The vulnerability is due to insufficient request header validation during the authentication process. An attacker could exploit this vulnerability by sending a series of malicious requests to an affected device. An exploit could allow the attacker to use the acquired session token to gain full administrator access to the affected device.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-1937
CVE-2019-5997Video Insight VMS versions prior to 7.6.1 allow remote attackers to conduct code injection attacks via unspecified vectors.\r\n9.8https://nvd.nist.gov/vuln/detail/CVE-2019-5997
CVE-2022-22963In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-22963
CVE-2022-23459Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx use of the Value class may lead to memory corruption via a double free or via a use after free. The value class has a default assignment operator which may be used with pointer types which may point to alterable data where the pointer itself is not updated. This issue exists on the current commit of the jsonxx project. The project itself has been archived and updates are not expected. Users are advised to find a replacement.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23459
CVE-2022-39243NuProcess is an external process execution implementation for Java. In all the versions of NuProcess where it forks processes by using the JVM's Java_java_lang_UNIXProcess_forkAndExec method (1.2.0+), attackers can use NUL characters in their strings to perform command line injection. Java's ProcessBuilder isn't vulnerable because of a check in ProcessBuilder.start. NuProcess is missing that check. This vulnerability can only be exploited to inject command line arguments on Linux. Version 2.0.5 contains a patch. As a workaround, users of the library can sanitize command strings to remove NUL characters prior to passing them to NuProcess for execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-39243
CVE-2022-39266isolated-vm is a library for nodejs which gives the user access to v8's Isolate interface. In versions 4.3.6 and prior, if the untrusted v8 cached data is passed to the API through CachedDataOptions, attackers can bypass the sandbox and run arbitrary code in the nodejs process. As of time of publication, there are no known fixed versions or workarounds.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-39266
CVE-2022-39237syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-39237
CVE-2022-39892Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-39892
CVE-2022-44808A command injection vulnerability has been found on D-Link DIR-823G devices with firmware version 1.02B03 that allows an attacker to execute arbitrary operating system commands through well-designed /HNAP1 requests. Before the HNAP API function can process the request, the system function executes an untrusted command that triggers the vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44808
CVE-2021-40342In the DES implementation, the affected product versions use a default key for encryption. Successful exploitation allows an attacker to obtain sensitive information and gain access to the network elements that are managed by the affected products versions. This issue affects * FOXMAN-UN product: FOXMAN-UN R16A, FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B, FOXMAN-UN R11A, FOXMAN-UN R10C, FOXMAN-UN R9C; * UNEM product: UNEM R16A, UNEM R15B, UNEM R15A, UNEM R14B, UNEM R14A, UNEM R11B, UNEM R11A, UNEM R10C, UNEM R9C. List of CPEs: * cpe:2.3:a:hitachienergy:foxman-un:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:foxman-un:R9C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R16A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R15A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R14A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11B:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R11A:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R10C:*:*:*:*:*:*:* * cpe:2.3:a:hitachienergy:unem:R9C:*:*:*:*:*:*:*9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40342
CVE-2023-23513A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, macOS Monterey 12.6.3, macOS Big Sur 11.7.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-23513
CVE-2023-0090The webservices in Proofpoint Enterprise Protection (PPS/POD) contain a vulnerability that allows for an anonymous user to execute remote code through 'eval injection'. Exploitation requires network access to the webservices API, but such access is a non-standard configuration. This affects all versions 8.20.0 and below.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-0090
CVE-2023-28862An issue was discovered in LemonLDAP::NG before 2.16.1. Weak session ID generation in the AuthBasic handler and incorrect failure handling during a password check allow attackers to bypass 2FA verification. Any plugin that tries to deny session creation after the store step does not deny an AuthBasic session.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28862
CVE-2023-27953The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27953
CVE-2023-32569An issue was discovered in Veritas InfoScale Operations Manager (VIOM) before 7.4.2.800 and 8.x before 8.0.410. The InfoScale VIOM web application is vulnerable to SQL Injection in some of the areas of the application. This allows attackers (who must have admin credentials) to submit arbitrary SQL commands on the back-end database to create, read, update, or delete any sensitive data stored in the database.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32569
CVE-2023-33246For RocketMQ versions 5.1.0 and below, under certain conditions, there is a risk of remote command execution. \n\nSeveral components of RocketMQ, including NameServer, Broker, and Controller, are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as. Additionally, an attacker can achieve the same effect by forging the RocketMQ protocol content. \n\nTo prevent these attacks, users are recommended to upgrade to version 5.1.1 or above for using RocketMQ 5.x or 4.9.6 or above for using RocketMQ 4.x .\n\n\n\n\n\n\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33246
CVE-2023-20892The vCenter Server contains a heap overflow vulnerability due to the usage of uninitialized memory in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit heap-overflow vulnerability to execute arbitrary code on the underlying operating system that hosts vCenter Server.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20892
CVE-2023-20893The VMware vCenter Server contains a use-after-free vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may exploit this issue to execute arbitrary code on the underlying operating system that hosts vCenter Server.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20893
CVE-2023-20894The VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bound write by sending a specially crafted packet leading to memory corruption.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20894
CVE-2023-20895The VMware vCenter Server contains a memory corruption vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger a memory corruption vulnerability which may bypass authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20895
CVE-2023-3326pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system.\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3326
CVE-2023-3128Grafana is validating Azure AD accounts based on the email claim. \n\nOn Azure AD, the profile email field is not unique and can be easily modified. \n\nThis leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app. \n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3128
CVE-2023-32387A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A remote attacker may be able to cause unexpected app termination or arbitrary code execution9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32387
CVE-2023-35797Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider.\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.1.\n\nBefore version 6.1.1 it was possible to bypass the security check to RCE via\nprincipal parameter. For this to be exploited it requires access to modifying the connection details.\n\nIt is recommended updating provider version to 6.1.1 in order to avoid this vulnerability.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35797
CVE-2023-26258Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute any task as administrator.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26258
CVE-2023-30990IBM i 7.2, 7.3, 7.4, and 7.5 could allow a remote attacker to execute CL commands as QUSER, caused by an exploitation of DDM architecture. IBM X-Force ID: 254036.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30990
CVE-2023-3460The Ultimate Member WordPress plugin before 2.6.7 does not prevent visitors from creating user accounts with arbitrary capabilities, effectively allowing attackers to create administrator accounts at will. This is actively being exploited in the wild.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3460
CVE-2023-36665protobuf.js (aka protobufjs) 6.10.0 through 7.x before 7.2.4 allows Prototype Pollution, a different vulnerability than CVE-2022-25878. A user-controlled protobuf message can be used by an attacker to pollute the prototype of Object.prototype by adding and overwriting its data and functions. Exploitation can involve: (1) using the function parse to parse protobuf messages on the fly, (2) loading .proto files by using load/loadSync functions, or (3) providing untrusted input to the functions ReflectionObject.setParsedOption and util.setProperty. NOTE: this CVE Record is about "Object.constructor.prototype.<new-property> = ...;" whereas CVE-2022-25878 was about "Object.__proto__.<new-property> = ...;" instead.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36665
CVE-2023-27390A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27390
CVE-2023-31194An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-31194
CVE-2023-34338AMI SPx contains a vulnerability in the BMC where an Attacker may cause a use of hard-coded cryptographic key by a hard-coded certificate. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34338
CVE-2022-46080Nexxt Nebula 1200-AC 15.03.06.60 allows authentication bypass and command execution by using the HTTPD service to enable TELNET.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46080
CVE-2021-46894Use After Free (UAF) vulnerability in the uinput module.Successful exploitation of this vulnerability may lead to kernel privilege escalation.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-46894
CVE-2022-48510Input verification vulnerability in the AMS module. Successful exploitation of this vulnerability will cause unauthorized operations.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48510
CVE-2022-48511Use After Free (UAF) vulnerability in the audio PCM driver module under special conditions. Successful exploitation of this vulnerability may cause audio features to perform abnormally.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48511
CVE-2022-48512Use After Free (UAF) vulnerability in the Vdecoderservice service. Successful exploitation of this vulnerability may cause the image decoding feature to perform abnormally.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48512
CVE-2022-48513Vulnerability of identity verification being bypassed in the Gallery module. Successful exploitation of this vulnerability may cause out-of-bounds access.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48513
CVE-2023-37242Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers may exploit this vulnerability to rewrite the non-volatile random-access memory (NVRAM), or facilitate the exploitation of other vulnerabilities.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37242
CVE-2020-22336An issue was discovered in pdfcrack 0.17 thru 0.18, allows attackers to execute arbitrary code via a stack overflow in the MD5 function.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-22336
CVE-2023-36188An issue in langchain v.0.0.64 allows a remote attacker to execute arbitrary code via the PALChain parameter in the Python exec method.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36188
CVE-2023-22653An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-22653
CVE-2023-22844An authentication bypass vulnerability exists in the requestHandlers.js verifyToken functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to authentication bypass. An attacker can send a network request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-22844
CVE-2023-23902A buffer overflow vulnerability exists in the uhttpd login functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to remote code execution. An attacker can send a network request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-23902
CVE-2023-24018A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24018
CVE-2023-29381An issue in Zimbra Collaboration (ZCS) v.8.8.15 and v.9.0 allows a remote attacker to escalate privileges and obtain sensitive information via the password and 2FA parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29381
CVE-2023-29382An issue in Zimbra Collaboration ZCS v.8.8.15 and v.9.0 allows an attacker to execute arbitrary code via the sfdc_preauth.jsp component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29382
CVE-2023-3528A vulnerability was found in ThinuTech ThinuCMS 1.5. It has been rated as critical. Affected by this issue is some unknown functionality of the file /category.php. The manipulation of the argument cat_id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-233252.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3528
CVE-2023-33868\n\n\nThe number of login attempts is not limited. This could allow an attacker to perform a brute force on HTTP basic authentication.\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33868
CVE-2023-35987\n\n\n\n\n\n\nPiiGAB M-Bus contains hard-coded credentials which it uses for authentication.\n\n\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35987
CVE-2023-36859\nPiiGAB M-Bus \n\nSoftwarePack 900S\n\ndoes not correctly sanitize user input, which could allow an attacker to inject arbitrary commands.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36859
CVE-2023-34433\n\n\n\n\n\n\n\n\n\n\n\n\nPiiGAB M-Bus stores passwords using a weak hash algorithm.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34433
CVE-2023-34995\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nThere are no requirements for setting a complex password for PiiGAB M-Bus, which could contribute to a successful brute force attack if the password is inline with recommended password guidelines.\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34995
CVE-2023-37144Tenda AC10 v15.03.06.26 was discovered to contain a command injection vulnerability via the mac parameter in the function formWriteFacMac.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37144
CVE-2023-37145TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the hostname parameter in the setOpModeCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37145
CVE-2023-37146TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the UploadFirmwareFile function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37146
CVE-2023-37148TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the ussd parameter in the setUssd function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37148
CVE-2023-37149TOTOLINK LR350 V9.3.5u.6369_B20220309 was discovered to contain a command injection vulnerability via the FileName parameter in the setUploadSetting function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37149
CVE-2023-27845SQL injection vulnerability found in PrestaShop lekerawen_ocs before v.1.4.1 allow a remote attacker to gain privileges via the KerawenHelper::setCartOperationInfo, and KerawenHelper::resetCheckoutSessionData components.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-27845
CVE-2023-36993The cryptographically insecure random number generator being used in TravianZ 8.3.4 and 8.3.3 in the password reset function allows an attacker to guess the password reset.parameters and to take over accounts.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36993
CVE-2023-36994In TravianZ 8.3.4 and 8.3.3, Incorrect Access Control in the installation script allows an attacker to overwrite the server configuration and inject PHP code.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36994
CVE-2023-37170TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain an unauthenticated remote code execution (RCE) vulnerability via the lang parameter in the setLanguageCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37170
CVE-2023-37171TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the admuser parameter in the setPasswordCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37171
CVE-2023-37172TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDiagnosisCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37172
CVE-2023-37173TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the command parameter in the setTracerouteCfg function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37173
CVE-2023-37286SmartSoft SmartBPM.NET has a vulnerability of using hard-coded machine key. An unauthenticated remote attacker can use the machine key to send serialized payload to the server to execute arbitrary code and disrupt service.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37286
CVE-2023-2046Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yontem Informatics Vehicle Tracking System allows SQL Injection.This issue affects Vehicle Tracking System: before 8.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2046
CVE-2023-2852Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Softmed SelfPatron allows SQL Injection.This issue affects SelfPatron : before 2.0.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2852
CVE-2023-37151Sourcecodester Online Pizza Ordering System v1.0 allows the upload of malicious PHP files resulting in Remote Code Execution (RCE).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37151
CVE-2023-37152Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37152
CVE-2023-3045Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tise Technology Parking Web Report allows SQL Injection.This issue affects Parking Web Report: before 2.1.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3045
CVE-2023-3076The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user accounts with the role of their choice via their wholesale REST API endpoint. This is only exploitable if the site owner paid to access the plugin's pro features.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3076
CVE-2023-3077The MStore API WordPress plugin before 3.9.8 does not sanitise and escape a parameter before using it in a SQL statement, leading to a Blind SQL injection exploitable by unauthenticated users. This is only exploitable if the site owner elected to pay to get access to the plugins' pro features, and uses the woocommerce-appointments plugin.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3077
CVE-2023-37700Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37700
CVE-2023-37701Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37701
CVE-2023-37702Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37702
CVE-2023-37703Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37703
CVE-2023-37704Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37704
CVE-2023-37705Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromAddressNat function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37705
CVE-2023-37706Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the entrys parameter in the fromAddressNat function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37706
CVE-2023-37707Tenda FH1203 V2.0.1.6 was discovered to contain a stack overflow via the page parameter in the fromVirtualSer function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37707
CVE-2023-37710Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the wpapsk_crypto parameter in the fromSetWirelessRepeat function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37710
CVE-2023-37711Tenda AC1206 V15.03.06.23 and AC10 V15.03.06.47 were discovered to contain a stack overflow in the deviceId parameter in the saveParentControlInfo function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37711
CVE-2023-37712Tenda AC1206 V15.03.06.23, F1202 V1.2.0.20(408), and FH1202 V1.2.0.20(408) were discovered to contain a stack overflow in the page parameter in the fromSetIpBind function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37712
CVE-2016-15034A vulnerability was found in Dynacase Webdesk and classified as critical. Affected by this issue is the function freedomrss_search of the file freedomrss_search.php. The manipulation leads to sql injection. Upgrading to version 3.2-20180305 is able to address this issue. The patch is identified as 750a9b35af182950c952faf6ddfdcc50a2b25f8b. It is recommended to upgrade the affected component. VDB-233366 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-15034
CVE-2023-3599A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function save_user of the file admin_class.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-233450 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3599
CVE-2023-34347\n\n\n?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contains classes that cannot be deserialized, which could allow an attack to remotely execute arbitrary code. \n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34347
CVE-2023-30765\n?Delta Electronics InfraSuite Device Master versions prior to 1.0.7 contain improper access controls that could allow an attacker to alter privilege management configurations, resulting in privilege escalation.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30765
CVE-2023-24489\nA vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated attacker to remotely compromise the customer-managed ShareFile storage zones controller.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24489
CVE-2023-34561A buffer overflow in the level parsing code of RobTop Games AB Geometry Dash v2.113 allows attackers to execute arbitrary code via entering a Geometry Dash level.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34561
CVE-2023-37656WebsiteGuide v0.2 is vulnerable to Remote Command Execution (RCE) via image upload.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37656
CVE-2023-37659xalpha v0.11.4 is vulnerable to Remote Command Execution (RCE).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37659
CVE-2023-3617A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. This affects an unknown part of the file admin_class.php of the component Login Page. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233565 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3617
CVE-2023-3619A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The identifier VDB-233573 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3619
CVE-2023-26861SQL injection vulnerability found in PrestaShop vivawallet v.1.7.10 and before allows a remote attacker to gain privileges via the vivawallet() module.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26861
CVE-2023-28001An insufficient session expiration in Fortinet FortiOS 7.0.0 - 7.0.12 and 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via reusing the session of a deleted user in the REST API.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28001
CVE-2023-32056Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32056
CVE-2023-32057Microsoft Message Queuing Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32057
CVE-2023-33154Windows Partition Management Driver Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33154
CVE-2023-35365Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35365
CVE-2023-35366Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35366
CVE-2023-35367Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35367
CVE-2023-29300Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29300
CVE-2023-2957Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lisa Software Florist Site allows SQL Injection.This issue affects Florist Site: before 3.0.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2957
CVE-2023-35070Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VegaGroup Web Collection allows SQL Injection.This issue affects Web Collection: before 31197.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35070
CVE-2023-2963Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection.This issue affects Oliva Expertise EKS: before 1.2.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2963
CVE-2023-3376Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection.This issue affects Zekiweb: before 2.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3376
CVE-2023-30319Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.9.6https://nvd.nist.gov/vuln/detail/CVE-2023-30319
CVE-2023-37277XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions but as of March 2023, these are not enabled by default in Firefox and Safari. The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks.\n\n9.6https://nvd.nist.gov/vuln/detail/CVE-2023-37277
CVE-2023-2746The Rockwell Automation Enhanced HIM software contains \n\nan API that the application uses that is not protected sufficiently and uses incorrect Cross-Origin Resource Sharing (CORS) settings and, as a result, is vulnerable to a Cross Site Request Forgery (CSRF) attack. To exploit this vulnerability, a malicious user would have to convince a user to click on an untrusted link through a social engineering attack or successfully perform a Cross Site Scripting Attack (XSS). Exploitation of a CSRF could potentially lead to sensitive information disclosure and full remote access to the affected products.\n\n\n\n\n9.6https://nvd.nist.gov/vuln/detail/CVE-2023-2746
CVE-2023-33150Microsoft Office Security Feature Bypass Vulnerability9.6https://nvd.nist.gov/vuln/detail/CVE-2023-33150
CVE-2023-33987An unauthenticated attacker in SAP Web Dispatcher - versions WEBDISP 7.49, WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.81, WEBDISP 7.85, WEBDISP 7.88, WEBDISP 7.89, WEBDISP 7.90, KERNEL 7.49, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.88, KERNEL 7.89, KERNEL 7.90, KRNL64NUC 7.49, KRNL64UC 7.49, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, can submit a malicious crafted request over a network to a front-end server which may, over several attempts, result in a back-end server confusing the boundaries of malicious and legitimate messages. This can result in the back-end server executing a malicious payload which can be used to read or modify information on the server or make it temporarily unavailable.\n\n9.4https://nvd.nist.gov/vuln/detail/CVE-2023-33987
CVE-2023-35871The SAP Web Dispatcher - versions WEBDISP 7.53, WEBDISP 7.54, WEBDISP 7.77, WEBDISP 7.85, WEBDISP 7.89, WEBDISP 7.91, WEBDISP 7.92, WEBDISP 7.93, KERNEL 7.53, KERNEL 7.54 KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KRNL64UC 7.53, HDB 2.00, XS_ADVANCED_RUNTIME 1.00, SAP_EXTENDED_APP_SERVICES 1, has a vulnerability that can be exploited by an unauthenticated attacker to cause memory corruption through logical errors in memory management this may leads to information disclosure or system crashes, which can have low impact on confidentiality and high impact on the integrity and availability of the system.\n\n9.4https://nvd.nist.gov/vuln/detail/CVE-2023-35871
CVE-2023-27958The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected system termination or corrupt kernel memory9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27958
CVE-2023-3455Key management vulnerability on system. Successful exploitation of this vulnerability may affect service availability and integrity.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-3455
CVE-2023-37240\nVulnerability of missing input length verification in the distributed file system. Successful exploitation of this vulnerability may cause out-of-bounds read.\n\n9.1https://nvd.nist.gov/vuln/detail/CVE-2023-37240
CVE-2023-37245Buffer overflow vulnerability in the modem pinctrl module. Successful exploitation of this vulnerability may affect the integrity and availability of the modem.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-37245
CVE-2021-32495Radare2 has a use-after-free vulnerability in pyc parser's get_none_object function. Attacker can read freed memory afterwards. This will allow attackers to cause denial of service.\n\n9.1https://nvd.nist.gov/vuln/detail/CVE-2021-32495
CVE-2023-37287SmartBPM.NET has a vulnerability of using hard-coded authentication key. An unauthenticated remote attacker can exploit this vulnerability to access system with regular user privilege to read application data, and execute submission and approval processes.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-37287
CVE-2023-3605A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-3605
CVE-2023-30320Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.9https://nvd.nist.gov/vuln/detail/CVE-2023-30320
CVE-2023-30321Cross Site Scripting (XSS) vulnerability in textMessage field in /src/chatbotapp/LoginServlet.java in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.9https://nvd.nist.gov/vuln/detail/CVE-2023-30321
CVE-2023-34192Cross Site Scripting vulnerability in Zimbra ZCS v.8.8.15 allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.9https://nvd.nist.gov/vuln/detail/CVE-2023-34192
CVE-2023-21974Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Team Calendar Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Team Calendar Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Team Calendar Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).9https://nvd.nist.gov/vuln/detail/CVE-2023-21974
CVE-2023-21975Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Customers Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Customers Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Customers Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).9https://nvd.nist.gov/vuln/detail/CVE-2023-21975

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-34619The WooCommerce Stock Manager WordPress plugin is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Upload in versions up to, and including, 2.5.7 due to missing nonce and file validation in the /woocommerce-stock-manager/trunk/admin/views/import-export.php file.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-34619
CVE-2021-36908Cross-Site Request Forgery (CSRF) vulnerability in WebFactory Ltd. WP Reset PRO plugin <= 5.98 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-36908
CVE-2022-23623Frourio is a full stack framework, for TypeScript. Frourio users who uses frourio version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23623
CVE-2022-23624Frourio-express is a minimal full stack framework, for TypeScript. Frourio-express users who uses frourio-express version prior to v0.26.0 and integration with class-validator through `validators/` folder are subject to a input validation vulnerability. Validators do not work properly for request bodies and queries in specific situations and some input is not validated at all. Users are advised to update frourio to v0.26.0 or later and to install `class-transformer` and `reflect-metadata`.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23624
CVE-2022-23626m1k1o/blog is a lightweight self-hosted facebook-styled PHP blog. Errors from functions `imagecreatefrom*` and `image*` have not been checked properly. Although PHP issued warnings and the upload function returned `false`, the original file (that could contain a malicious payload) was kept on the disk. Users are advised to upgrade as soon as possible. There are no known workarounds for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23626
CVE-2021-40360A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1), SIMATIC WinCC V15 and earlier (All versions < V15 SP1 Update 7), SIMATIC WinCC V16 (All versions < V16 Update 5), SIMATIC WinCC V17 (All versions < V17 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 19), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 6). The password hash of a local user account in the remote server could be granted via public API to a user on the affected system. An authenticated attacker could brute force the password hash and use it to login to the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40360
CVE-2022-24715Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Authenticated users, with access to the configuration, can create SSH resource files in unintended directories, leading to the execution of arbitrary code. This issue has been resolved in versions 2.8.6, 2.9.6 and 2.10 of Icinga Web 2. Users unable to upgrade should limit access to the Icinga Web 2 configuration.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24715
CVE-2022-2636Improper Control of Generation of Code ('Code Injection') in GitHub repository hestiacp/hestiacp prior to 1.6.6.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2636
CVE-2022-39286Jupyter Core is a package for the core common functionality of Jupyter projects. Jupyter Core prior to version 4.11.2 contains an arbitrary code execution vulnerability in `jupyter_core` that stems from `jupyter_core` executing untrusted files in CWD. This vulnerability allows one user to run code as another. Version 4.11.2 contains a patch for this issue. There are no known workarounds.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39286
CVE-2022-4700The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4700
CVE-2022-23498Grafana is an open-source platform for monitoring and observability. When datasource query caching is enabled, Grafana caches all headers, including `grafana_session`. As a result, any user that queries a datasource where the caching is enabled can acquire another user’s session. To mitigate the vulnerability you can disable datasource query caching for all datasources. This issue has been patched in versions 9.2.10 and 9.3.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23498
CVE-2022-24894Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The Symfony HTTP cache system, acts as a reverse proxy: It caches entire responses (including headers) and returns them to the clients. In a recent change in the `AbstractSessionListener`, the response might contain a `Set-Cookie` header. If the Symfony HTTP cache system is enabled, this response might bill stored and return to the next clients. An attacker can use this vulnerability to retrieve the victim's session. This issue has been patched and is available for branch 4.4.\n8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24894
CVE-2022-24895Symfony is a PHP framework for web and console applications and a set of reusable PHP components. When authenticating users Symfony by default regenerates the session ID upon login, but preserves the rest of session attributes. Because this does not clear CSRF tokens upon login, this might enables same-site attackers to bypass the CSRF protection mechanism by performing an attack similar to a session-fixation. This issue has been fixed in the 4.4 branch. \n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2022-24895
CVE-2023-27253A command injection vulnerability in the function restore_rrddata() of Netgate pfSense v2.7.0 allows authenticated attackers to execute arbitrary commands via manipulating the contents of an XML file supplied to the component config.xml.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27253
CVE-2023-27934A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27934
CVE-2023-27935The issue was addressed with improved bounds checks. This issue is fixed in macOS Big Sur 11.7.5, macOS Monterey 12.6.4, macOS Ventura 13.3. A remote user may be able to cause unexpected app termination or arbitrary code execution8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27935
CVE-2023-3217Use after free in WebXR in Google Chrome prior to 114.0.5735.133 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3217
CVE-2023-31999All versions of @fastify/oauth2 used a statically generated state parameter at startup time and were used across all requests for all users. The purpose of the Oauth2 state parameter is to prevent Cross-Site-Request-Forgery attacks. As such, it should be unique per user and should be connected to the user's session in some way that will allow the server to validate it.\r\n\r\nv7.2.0 changes the default behavior to store the state in a cookie with the http-only and same-site=lax attributes set. The state is now by default generated for every user. Note that this contains a breaking change in the checkStateFunction function, which now accepts the full Request object.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-31999
CVE-2023-37201An attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37201
CVE-2023-37202Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37202
CVE-2023-37211Memory safety bugs present in Firefox 114, Firefox ESR 102.12, and Thunderbird 102.12. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37211
CVE-2023-34337\nAMI SPx contains a vulnerability in the BMC where a user may cause an inadequate encryption strength by hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. \n\n\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34337
CVE-2023-34473\nAMI SPx contains a vulnerability in the BMC where a valid user may cause a use of hard-coded credentials. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. \n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34473
CVE-2023-36813Kanboard is project management software that focuses on the Kanban methodology. In versions prior to 1.2.31authenticated user is able to perform a SQL Injection, leading to a privilege escalation or loss of confidentiality. It appears that in some insert and update operations, the code improperly uses the PicoDB library to update/insert new information. Version 1.2.31 contains a fix for this issue.\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36813
CVE-2023-36821Uptime Kuma, a self-hosted monitoring tool, allows an authenticated attacker to install a maliciously crafted plugin in versions prior to 1.22.1, which may lead to remote code execution. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. After downloading a plugin, it's installed by calling `npm install` in the installation directory of the plugin. Because the plugin is not validated against the official list of plugins or installed with `npm install --ignore-scripts`, a maliciously crafted plugin taking advantage of npm scripts can gain remote code execution. Version 1.22.1 contains a patch for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36821
CVE-2020-21861File upload vulnerability in DuxCMS 2.1 allows attackers to execute arbitrary php code via duxcms/AdminUpload/upload.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-21861
CVE-2023-35937Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can be updated as space administrators. Version 2.10.2 LTS has a patch for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35937
CVE-2023-24519Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the ping tool utility.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24519
CVE-2023-24520Two OS command injection vulnerability exist in the vtysh_ubus toolsh_excute.constprop.1 functionality of Milesight UR32L v32.3.0.5. A specially-crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the trace tool utility.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24520
CVE-2023-24582Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a TCP packet.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24582
CVE-2023-24583Two OS command injection vulnerabilities exist in the urvpn_client cmd_name_action functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary command execution. An attacker can send a network request to trigger these vulnerabilities.This OS command injection is triggered through a UDP packet.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24583
CVE-2023-36969CMS Made Simple v2.2.17 is vulnerable to Remote Command Execution via the File Upload Function.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36969
CVE-2023-34193File Upload vulnerability in Zimbra ZCS 8.8.15 allows an authenticated privileged user to execute arbitrary code and obtain sensitive information via the ClientUploader function.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34193
CVE-2023-35120\nPiiGAB M-Bus is vulnerable to cross-site request forgery. An attacker who wants to execute a certain command could send a phishing mail to the owner of the device and hope that the owner clicks on the link. If the owner of the device has a cookie stored that allows the owner to be logged in, then the device could execute the GET or POST link request.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35120
CVE-2023-25201Cross Site Request Forgery (CSRF) vulnerability in MultiTech Conduit AP MTCAP2-L4E1 MTCAP2-L4E1-868-042A v.6.0.0 allows a remote attacker to execute arbitrary code via a crafted script upload.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25201
CVE-2023-33664ai-dev aicombinationsonfly before v0.3.1 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33664
CVE-2023-37261OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. This issue affects every version of OpenComputers with the Internet Card feature enabled; that is, OpenComputers 1.2.0 until 1.8.3 in their most common, default configurations. If the OpenComputers mod is installed as part of a Minecraft server hosted on a popular cloud hosting provider, such as AWS, GCP and Azure, those metadata services' API endpoints are not forbidden (aka "blacklisted") by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. In addition, IPv6 addresses are not correctly filtered at all, allowing broader access into the local IPv6 network. This can allow a player on a server using an OpenComputers computer to access parts of the private IPv4 address space, as well as the whole IPv6 address space, in order to retrieve sensitive information.\n\nOpenComputers v1.8.3 for Minecraft 1.7.10 and 1.12.2 contains a patch for this issue. Some workarounds are also available. One may disable the Internet Card feature completely. If using OpenComputers 1.3.0 or above, using the allow list (`opencomputers.internet.whitelist` option) will prohibit connections to any IP addresses and/or domains not listed; or one may add entries to the block list (`opencomputers.internet.blacklist` option). More information about mitigations is available in the GitHub Security Advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37261
CVE-2023-37262CC: Tweaked is a mod for Minecraft which adds programmable computers, turtles, and more to the game. Prior to versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3, if the cc-tweaked plugin is running on a Minecraft server hosted on a popular cloud hosting providers, like AWS, GCP, and Azure, those metadata services API endpoints are not forbidden (aka "blacklisted") by default. As such, any player can gain access to sensitive information exposed via those metadata servers, potentially allowing them to pivot or privilege escalate into the hosting provider. Versions 1.20.1-1.106.0, 1.19.4-1.106.0, 1.19.2-1.101.3, 1.18.2-1.101.3, and 1.16.5-1.101.3 contain a fix for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37262
CVE-2023-37270Piwigo is open source photo gallery software. Prior to version 13.8.0, there is a SQL Injection vulnerability in the login of the administrator screen. The SQL statement that acquires the HTTP Header `User-Agent` is vulnerable at the endpoint that records user information when logging in to the administrator screen. It is possible to execute arbitrary SQL statements. Someone who wants to exploit the vulnerability must be log in to the administrator screen, even with low privileges. Any SQL statement can be executed. Doing so may leak information from the database. Version 13.8.0 contains a fix for this issue. As another mitigation, those who want to execute a SQL statement verbatim with user-enterable parameters should be sure to escape the parameter contents appropriately.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37270
CVE-2023-1597The tagDiv Cloud Library WordPress plugin before 2.7 does not have authorisation and CSRF in an AJAX action accessible to both unauthenticated and authenticated users, allowing unauthenticated users to change arbitrary user metadata, which could lead to privilege escalation by setting themselves as an admin of the blog.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1597
CVE-2023-22673Cross-Site Request Forgery (CSRF) vulnerability in MageNet Website Monetization by MageNet plugin <= 1.0.29.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22673
CVE-2023-22694Cross-Site Request Forgery (CSRF) vulnerability in Arian Khosravi, Norik Davtian BigContact Contact Page plugin <= 1.5.8 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22694
CVE-2023-22695Cross-Site Request Forgery (CSRF) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.8 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22695
CVE-2023-23787Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23787
CVE-2023-23804Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Feed plugin <= 1.2.7 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23804
CVE-2023-23869Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Mobile plugin <= 1.6.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23869
CVE-2023-23897Cross-Site Request Forgery (CSRF) vulnerability in Ozette Plugins Simple Mobile URL Redirect plugin <= 1.7.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23897
CVE-2023-23993Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.Com LionScripts: IP Blocker Lite plugin <= 11.1.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23993
CVE-2023-24395Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 Redirect & Thank You Page plugin <= 1.0.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24395
CVE-2023-24405Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on plugin <= 1.9.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24405
CVE-2023-25478Cross-Site Request Forgery (CSRF) vulnerability in Jason Rouet Weather Station plugin <= 3.8.12 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25478
CVE-2023-27867IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27867
CVE-2023-27868IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27868
CVE-2023-27869IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27869
CVE-2023-28986Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28986
CVE-2023-28989Cross-Site Request Forgery (CSRF) vulnerability in weDevs Happy Addons for Elementor plugin <= 3.8.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28989
CVE-2023-28995Cross-Site Request Forgery (CSRF) vulnerability in Keith Solomon Configurable Tag Cloud (CTC) plugin <= 5.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28995
CVE-2023-2234Union variant confusion allows any malicious BT controller to execute arbitrary code on the Zephyr host.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2234
CVE-2023-35912Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35912
CVE-2023-36691Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36691
CVE-2023-37392Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37392
CVE-2023-3606A vulnerability was found in TamronOS up to 20230703. It has been classified as critical. This affects an unknown part of the file /api/ping. The manipulation of the argument host leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233475. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3606
CVE-2023-3608A vulnerability was found in Ruijie BCR810W 2.5.10. It has been rated as critical. This issue affects some unknown processing of the component Tracert Page. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233477 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3608
CVE-2023-36922Due to programming error in function module or report, SAP NetWeaver ABAP (IS-OIL) - versions 600, 602, 603, 604, 605, 606, 617, 618, 800, 802, 803, 804, 805, 806, 807, allows an authenticated attacker to inject an arbitrary operating system command into an unprotected parameter in a common (default) extension.  On successful exploitation, the attacker can read or modify the system data as well as shut down the system.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36922
CVE-2023-23792Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23792
CVE-2023-23791Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23791
CVE-2023-23803Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23803
CVE-2022-45823Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45823
CVE-2023-23704Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23704
CVE-2023-23731Cross-Site Request Forgery (CSRF) vulnerability in HasTheme WishSuite plugin <= 1.3.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23731
CVE-2023-23997Cross-Site Request Forgery (CSRF) vulnerability in Dave Jesch Database Collation Fix plugin <= 1.2.7 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23997
CVE-2023-24421Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-24421
CVE-2023-25051Cross-Site Request Forgery (CSRF) vulnerability in Denishua Comment Reply Notification plugin <= 1.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25051
CVE-2023-25468Cross-Site Request Forgery (CSRF) vulnerability in Reservation.Studio Reservation.Studio widget plugin <= 1.0.11 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25468
CVE-2023-25487Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25487
CVE-2023-35781Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35781
CVE-2023-34015Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34015
CVE-2023-35774Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35774
CVE-2023-35913Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35913
CVE-2023-36517Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36517
CVE-2022-29561A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The web interface of the affected devices are vulnerable to Cross-Site Request Forgery attacks. By tricking an authenticated victim user to click a malicious link, an attacker could perform arbitrary actions on the device on behalf of the victim user.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-29561
CVE-2023-36693Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36693
CVE-2023-35091Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35091
CVE-2023-35773Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35773
CVE-2023-36522Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36522
CVE-2023-36690Cross-Site Request Forgery (CSRF) vulnerability in VibeThemes WPLMS theme <= 4.900 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36690
CVE-2023-2072The Rockwell Automation PowerMonitor 1000 contains stored cross-site scripting vulnerabilities within the web page of the product.  The vulnerable pages do not require privileges to access and can be injected with code by an attacker which could be used to leverage an attack on an authenticated user resulting in remote code execution and potentially the complete loss of confidentiality, integrity, and availability of the product.\n\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2072
CVE-2023-34116Improper input validation in the Zoom Desktop Client for Windows before version 5.15.0 may allow an unauthorized user to enable an escalation of privilege via network access.\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34116
CVE-2023-3627Cross-Site Request Forgery (CSRF) in GitHub repository salesagility/suitecrm-core prior to 8.3.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3627
CVE-2023-32038Microsoft ODBC Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32038
CVE-2023-32049Windows SmartScreen Security Feature Bypass Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32049
CVE-2023-33134Microsoft SharePoint Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33134
CVE-2023-33153Microsoft Outlook Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33153
CVE-2023-33157Microsoft SharePoint Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33157
CVE-2023-33159Microsoft SharePoint Server Spoofing Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33159
CVE-2023-33160Microsoft SharePoint Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33160
CVE-2023-35300Remote Procedure Call Runtime Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35300
CVE-2023-35302Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35302
CVE-2023-35303USB Audio Class System Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35303
CVE-2023-35311Microsoft Outlook Security Feature Bypass Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35311
CVE-2023-35315Windows Layer-2 Bridge Network Driver Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35315
CVE-2023-35322Windows Deployment Services Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35322
CVE-2023-35364Windows Kernel Elevation of Privilege Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35364
CVE-2023-36884Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents.\n\nAn attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file.\n\nUpon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.\n\nPlease see the Microsoft Threat Intelligence Blog https://aka.ms/Storm-0978  Entry for important information about steps you can take to protect your system from this vulnerability.\n\nThis CVE will be updated with new information and links to security updates when they become available.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36884
CVE-2023-3105The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for attackers with with existing account access at any level, to change user passwords and potentially take over administrator accounts.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3105
CVE-2023-3343The User Registration plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 3.0.1 via deserialization of untrusted input from the 'profile-pic-url' parameter. This allows authenticated attackers, with subscriber-level permissions and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3343
CVE-2023-2759A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2759
CVE-2023-2958Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass.This issue affects ATS Pro: before 20230714.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2958
CVE-2023-28767The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36,  USG FLEX 50(W) series firmware versions 5.10 through 5.36, \n\nUSG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28767
CVE-2023-33011A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33011
CVE-2023-33012A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33012
CVE-2023-34139A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34139
CVE-2023-3713The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3713
CVE-2023-35069Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal.This issue affects Bullwark: before BLW-2016E-960H.\n\n8.6https://nvd.nist.gov/vuln/detail/CVE-2023-35069
CVE-2023-22062Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).8.5https://nvd.nist.gov/vuln/detail/CVE-2023-22062
CVE-2023-22014Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).8.4https://nvd.nist.gov/vuln/detail/CVE-2023-22014
CVE-2022-2732Improper Privilege Management in GitHub repository openemr/openemr prior to 7.0.0.1.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-2732
CVE-2023-34451CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. The mempool maintains two data structures to keep track of outstanding transactions: a list and a map.\nThese two data structures are supposed to be in sync all the time in the sense that the map tracks the index (if any) of the transaction in the list. In `v0.37.0`, and `v0.37.1`, as well as in `v0.34.28`, and all previous releases of the CometBFT repo2, it is possible to have them out of sync. When this happens, the list may contain several copies of the same transaction. Because the map tracks a single index, it is then no longer possible to remove all the copies of the transaction from the list. This happens even if the duplicated transaction is later committed in a block. The only way to remove the transaction is by restarting the node.\n\nThe above problem can be repeated on and on until a sizable number of transactions are stuck in the mempool, in order to try to bring down the target node. The problem is fixed in releases `v0.34.29` and `v0.37.2`. Some workarounds are available. Increasing the value of `cache_size` in `config.toml` makes it very difficult to effectively attack a full node. Not exposing the transaction submission RPC's would mitigate the probability of a successful attack, as the attacker would then have to create a modified (byzantine) full node to be able to perform the attack via p2p.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-34451
CVE-2023-35934yt-dlp is a command-line program to download videos from video sites. During file downloads, yt-dlp or the external downloaders that yt-dlp employs may leak cookies on HTTP redirects to a different host, or leak them when the host for download fragments differs from their parent manifest's host. This vulnerable behavior is present in yt-dlp prior to 2023.07.06 and nightly 2023.07.06.185519. All native and external downloaders are affected, except for `curl` and `httpie` (version 3.1.0 or later).\n\nAt the file download stage, all cookies are passed by yt-dlp to the file downloader as a `Cookie` header, thereby losing their scope. This also occurs in yt-dlp's info JSON output, which may be used by external tools. As a result, the downloader or external tool may indiscriminately send cookies with requests to domains or paths for which the cookies are not scoped.\n\nyt-dlp version 2023.07.06 and nightly 2023.07.06.185519 fix this issue by removing the `Cookie` header upon HTTP redirects; having native downloaders calculate the `Cookie` header from the cookiejar, utilizing external downloaders' built-in support for cookies instead of passing them as header arguments, disabling HTTP redirectiong if the external downloader does not have proper cookie support, processing cookies passed as HTTP headers to limit their scope, and having a separate field for cookies in the info dict storing more information about scoping\n\nSome workarounds are available for those who are unable to upgrade. Avoid using cookies and user authentication methods. While extractors may set custom cookies, these usually do not contain sensitive information. Alternatively, avoid using `--load-info-json`. Or, if authentication is a must: verify the integrity of download links from unknown sources in browser (including redirects) before passing them to yt-dlp; use `curl` as external downloader, since it is not impacted; and/or avoid fragmented formats such as HLS/m3u8, DASH/mpd and ISM.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-35934
CVE-2023-35335Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability8.2https://nvd.nist.gov/vuln/detail/CVE-2023-35335
CVE-2023-2959Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users.This issue affects Oliva Expertise EKS: before 1.2.\n\n8.2https://nvd.nist.gov/vuln/detail/CVE-2023-2959
CVE-2022-23602Nimforum is a lightweight alternative to Discourse written in Nim. In versions prior to 2.2.0 any forum user can create a new thread/post with an include referencing a file local to the host operating system. Nimforum will render the file if able. This can also be done silently by using NimForum's post "preview" endpoint. Even if NimForum is running as a non-critical user, the forum.json secrets can be stolen. Version 2.2.0 of NimForum includes patches for this vulnerability. Users are advised to upgrade as soon as is possible. There are no known workarounds for this issue.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-23602
CVE-2022-27511Corruption of the system by a remote, unauthenticated user. The impact of this can include the reset of the administrator password at the next device reboot, allowing an attacker with ssh access to connect with the default administrator credentials after the device has rebooted.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-27511
CVE-2022-41981A stack-based buffer overflow vulnerability exists in the TGA file format parser of OpenImageIO v2.3.19.0. A specially-crafted targa file can lead to out of bounds read and write on the process stack, which can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-41981
CVE-2023-36932In Progress MOVEit Transfer before 2020.1.11 (12.1.11), 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), multiple SQL injection vulnerabilities have been identified in the MOVEit Transfer web application that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to a MOVEit Transfer application endpoint that could result in modification and disclosure of MOVEit database content.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-36932
CVE-2023-34471\n AMI SPx contains a vulnerability in the BMC where a user may cause a missing cryptographic step by generating a hash-based message authentication code (HMAC). A successful exploit of this vulnerability may lead to the loss confidentiality, integrity, and authentication.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-34471
CVE-2023-36822Uptime Kuma, a self-hosted monitoring tool, has a path traversal vulnerability in versions prior to 1.22.1. Uptime Kuma allows authenticated users to install plugins from an official list of plugins. This feature is currently disabled in the web interface, but the corresponding API endpoints are still available after login. Before a plugin is downloaded, the plugin installation directory is checked for existence. If it exists, it's removed before the plugin installation. Because the plugin is not validated against the official list of plugins or sanitized, the check for existence and the removal of the plugin installation directory are prone to path traversal. This vulnerability allows an authenticated attacker to delete files from the server Uptime Kuma is running on. Depending on which files are deleted, Uptime Kuma or the whole system may become unavailable due to data loss.\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-36822
CVE-2020-21862Directory traversal vulnerability in DuxCMS 2.1 allows attackers to delete arbitrary files via /admin/AdminBackup/del.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-21862
CVE-2023-22371An os command injection vulnerability exists in the liburvpn.so create_private_key functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to command execution. An attacker can send a malicious packet to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-22371
CVE-2023-23546A misconfiguration vulnerability exists in the urvpn_client functionality of Milesight UR32L v32.3.0.5. A specially-crafted man-in-the-middle attack can lead to increased privileges. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-23546
CVE-2023-24019A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-24019
CVE-2023-32250A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-32250
CVE-2023-32254A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_TREE_DISCONNECT commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-32254
CVE-2023-37596Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via a crafted script to the deleteuser function.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-37596
CVE-2023-37597Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete user grouplist function.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-37597
CVE-2023-33127.NET and Visual Studio Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-33127
CVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-33170
CVE-2023-22018Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).8.1https://nvd.nist.gov/vuln/detail/CVE-2023-22018
CVE-2023-1901The bluetooth HCI host layer logic not clearing a global reference to a semaphore after synchronously sending HCI commands may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.\n\n\n8https://nvd.nist.gov/vuln/detail/CVE-2023-1901
CVE-2023-1902The bluetooth HCI host layer logic not clearing a global reference to a state pointer after handling connection events may allow a malicious HCI Controller to cause the use of a dangling reference in the host layer, leading to a crash (DoS) or potential RCE on the Host layer.8https://nvd.nist.gov/vuln/detail/CVE-2023-1902
CVE-2023-3607A vulnerability was found in kodbox 1.26. It has been declared as critical. This vulnerability affects the function Execute of the file webconsole.php.txt of the component WebConsole Plug-In. The manipulation leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233476. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8https://nvd.nist.gov/vuln/detail/CVE-2023-3607
CVE-2023-34138A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.8https://nvd.nist.gov/vuln/detail/CVE-2023-34138
CVE-2023-34141A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.8https://nvd.nist.gov/vuln/detail/CVE-2023-34141
CVE-2019-14816There is heap-based buffer overflow in kernel, all versions up to, excluding 5.3, in the marvell wifi chip driver in Linux kernel, that allows local users to cause a denial of service(system crash) or possibly execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-14816
CVE-2019-14815A vulnerability was found in Linux Kernel, where a Heap Overflow was found in mwifiex_set_wmm_params() function of Marvell Wifi Driver.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-14815
CVE-2021-41133Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services into treating the Flatpak app as though it was an ordinary, non-sandboxed host-OS process. They can do this by manipulating the VFS using recent mount-related syscalls that are not blocked by Flatpak's denylist seccomp filter, in order to substitute a crafted `/.flatpak-info` or make that file disappear entirely. Flatpak apps that act as clients for AF_UNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can escalate the privileges that the corresponding services will believe the Flatpak app has. Note that protocols that operate entirely over the D-Bus session bus (user bus), system bus or accessibility bus are not affected by this. This is due to the use of a proxy process `xdg-dbus-proxy`, whose VFS cannot be manipulated by the Flatpak app, when interacting with these buses. Patches exist for versions 1.10.4 and 1.12.0, and as of time of publication, a patch for version 1.8.2 is being planned. There are no workarounds aside from upgrading to a patched version.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41133
CVE-2022-39245Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-39245
CVE-2022-39883Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-39883
CVE-2022-23465SwiftTerm is a Xterm/VT100 Terminal emulator. Prior to commit a94e6b24d24ce9680ad79884992e1dff8e150a31, an attacker could modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. Version a94e6b24d24ce9680ad79884992e1dff8e150a31 contains a patch for this issue. There are no known workarounds available.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-23465
CVE-2023-0760Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to V2.1.0-DEV.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0760
CVE-2023-27590Rizin is a UNIX-like reverse engineering framework and command-line toolset. In version 0.5.1 and prior, converting a GDB registers profile file into a Rizin register profile can result in a stack-based buffer overflow when the `name`, `type`, or `groups` fields have longer values than expected. Users opening untrusted GDB registers files (e.g. with the `drpg` or `arpg` commands) are affected by this flaw. Commit d6196703d89c84467b600ba2692534579dc25ed4 contains a patch for this issue. As a workaround, review the GDB register profiles before loading them with `drpg`/`arpg` commands.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27590
CVE-2023-3012NULL Pointer Dereference in GitHub repository gpac/gpac prior to 2.2.2.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3012
CVE-2023-35788An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35788
CVE-2023-23539A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23539
CVE-2023-36664Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36664
CVE-2023-20178A vulnerability in the client update process of Cisco AnyConnect Secure Mobility Client Software for Windows and Cisco Secure Client Software for Windows could allow a low-privileged, authenticated, local attacker to elevate privileges to those of SYSTEM. The client update process is executed after a successful VPN connection is established.\r\n\r This vulnerability exists because improper permissions are assigned to a temporary directory that is created during the update process. An attacker could exploit this vulnerability by abusing a specific function of the Windows installer process. A successful exploit could allow the attacker to execute code with SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-20178
CVE-2023-3438\nAn unquoted Windows search path vulnerability existed in the install the MOVE 4.10.x and earlier Windows install service (mvagtsce.exe). \nThe misconfiguration allowed an unauthorized local user to insert arbitrary code into the unquoted service path to obtain privilege escalation and stop antimalware services.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3438
CVE-2023-37208When opening Diagcab files, Firefox did not warn the user that these files may contain malicious code. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37208
CVE-2023-31248Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31248
CVE-2023-35001Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35001
CVE-2023-36623The root password of the Loxone Miniserver Go Gen.2 before 14.2 is calculated using hard-coded secrets and the MAC address. This allows a local user to calculate the root password and escalate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36623
CVE-2023-36624Loxone Miniserver Go Gen.2 through 14.0.3.28 allows an authenticated operating system user to escalate privileges via the Sudo configuration. This allows the elevated execution of binaries without a password requirement.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36624
CVE-2023-24256An issue in the com.nextev.datastatistic component of NIO EC6 Aspen before v3.3.0 allows attackers to escalate privileges via path traversal.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-24256
CVE-2023-30644Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30644
CVE-2023-30645Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30645
CVE-2023-30646Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30646
CVE-2023-30647Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30647
CVE-2023-30649Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30649
CVE-2023-30650Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30650
CVE-2023-30651Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30651
CVE-2023-30652Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30652
CVE-2023-30653Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30653
CVE-2023-30655Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30655
CVE-2023-30656Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30656
CVE-2023-30657Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30657
CVE-2023-30658Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30658
CVE-2023-30659Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30659
CVE-2023-30663Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30663
CVE-2023-30664Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30664
CVE-2023-30666Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30666
CVE-2023-30668Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30668
CVE-2023-30669Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30669
CVE-2023-30670Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30670
CVE-2023-36830SQLFluff is a SQL linter. Prior to version 2.1.2, in environments where untrusted users have access to the config files, there is a potential security vulnerability where those users could use the `library_path` config value to allow arbitrary python code to be executed via macros. For many users who use SQLFluff in the context of an environment where all users already have fairly escalated privileges, this may not be an issue - however in larger user bases, or where SQLFluff is bundled into another tool where developers still wish to give users access to supply their on rule configuration, this may be an issue.\n\nThe 2.1.2 release offers the ability for the `library_path` argument to be overwritten on the command line by using the `--library-path` option. This overrides any values provided in the config files and effectively prevents this route of attack for users which have access to the config file, but not to the scripts which call the SQLFluff CLI directly. A similar option is provided for the Python API, where users also have a greater ability to further customise or override configuration as necessary. Unless `library_path` is explicitly required, SQLFluff maintainers recommend using the option `--library-path none` when invoking SQLFluff which will disable the `library-path` option entirely regardless of the options set in the configuration file or via inline config directives. As a workaround, limiting access to - or otherwise validating configuration files before they are ingested by SQLFluff will provides a similar effect and does not require upgrade.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36830
CVE-2023-32183Incorrect Default Permissions vulnerability in the openSUSE Tumbleweed hawk2 package allows users with access to the hacluster to escalate to root\nThis issue affects openSUSE Tumbleweed.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32183
CVE-2021-42082Local users are able to execute scripts under root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-42082
CVE-2023-27558IBM Db2 on Windows 10.5, 11.1, and 11.5 may be vulnerable to a privilege escalation caused by at least one installed service using an unquoted service path. A local attacker could exploit this vulnerability to gain elevated privileges by inserting an executable file in the path of the affected service. IBM X-Force ID: 249194.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27558
CVE-2023-28958IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 is potentially vulnerable to CSV Injection. A remote attacker could execute arbitrary commands on the system, caused by improper validation of csv file contents. IBM X-Force ID: 251782.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28958
CVE-2023-30431IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30431
CVE-2023-34432A heap buffer overflow vulnerability was found in sox, in the lsx_readbuf function at sox/src/formats_i.c:98:16. This flaw can lead to a denial of service, code execution, or information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-34432
CVE-2023-37246A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PRT files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21109)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37246
CVE-2023-37247A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21138)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37247
CVE-2023-37248A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21155)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37248
CVE-2023-37374A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21054)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37374
CVE-2023-37375A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21060)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37375
CVE-2023-37376A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains a type confusion vulnerability while parsing STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21051)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37376
CVE-2023-21756Windows Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-21756
CVE-2023-32046Windows MSHTML Platform Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32046
CVE-2023-32047Paint 3D Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32047
CVE-2023-32051Raw Image Extension Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32051
CVE-2023-32053Windows Installer Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32053
CVE-2023-33148Microsoft Office Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33148
CVE-2023-33149Microsoft Office Graphics Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33149
CVE-2023-33152Microsoft ActiveX Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33152
CVE-2023-33155Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33155
CVE-2023-33158Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33158
CVE-2023-33161Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33161
CVE-2023-35299Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35299
CVE-2023-35304Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35304
CVE-2023-35305Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35305
CVE-2023-35312Microsoft VOLSNAP.SYS Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35312
CVE-2023-35313Windows Online Certificate Status Protocol (OCSP) SnapIn Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35313
CVE-2023-35317Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35317
CVE-2023-35320Connected User Experiences and Telemetry Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35320
CVE-2023-35323Windows OLE Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35323
CVE-2023-35328Windows Transaction Manager Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35328
CVE-2023-35337Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35337
CVE-2023-35340Windows CNG Key Isolation Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35340
CVE-2023-35342Windows Image Acquisition Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35342
CVE-2023-35343Windows Geolocation Service Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35343
CVE-2023-35353Connected User Experiences and Telemetry Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35353
CVE-2023-35356Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35356
CVE-2023-35357Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35357
CVE-2023-35358Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35358
CVE-2023-35362Windows Clip Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35362
CVE-2023-35363Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35363
CVE-2023-35374Paint 3D Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35374
CVE-2023-36867Visual Studio Code GitHub Pull Requests and Issues Extension Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36867
CVE-2023-36874Windows Error Reporting Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36874
CVE-2021-43757Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious 3GP ?file7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43757
CVE-2023-29308Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-29308
CVE-2023-36887Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36887
CVE-2023-22023Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).7.8https://nvd.nist.gov/vuln/detail/CVE-2023-22023
CVE-2023-22835A security defect was identified that enabled a user of Foundry Issues to perform a Denial of Service attack by submitting malformed data in an Issue that caused loss of frontend functionality to all issue participants.\n\nThis defect was resolved with the release of Foundry Issues 2.510.0 and Foundry Frontend 6.228.0.7.7https://nvd.nist.gov/vuln/detail/CVE-2023-22835
CVE-2022-23540In versions `<=8.5.1` of `jsonwebtoken` library, lack of algorithm definition in the `jwt.verify()` function can lead to signature validation bypass due to defaulting to the `none` algorithm for signature verification. Users are affected if you do not specify algorithms in the `jwt.verify()` function. This issue has been fixed, please update to version 9.0.0 which removes the default support for the none algorithm in the `jwt.verify()` method. There will be no impact, if you update to version 9.0.0 and you don’t need to allow for the `none` algorithm. If you need 'none' algorithm, you have to explicitly specify that in `jwt.verify()` options.7.6https://nvd.nist.gov/vuln/detail/CVE-2022-23540
CVE-2022-23538github.com/sylabs/scs-library-client is the Go client for the Singularity Container Services (SCS) Container Library Service. When the scs-library-client is used to pull a container image, with authentication, the HTTP Authorization header sent by the client to the library service may be incorrectly leaked to an S3 backing storage provider. This occurs in a specific flow, where the library service redirects the client to a backing S3 storage server, to perform a multi-part concurrent download. Depending on site configuration, the S3 service may be provided by a third party. An attacker with access to the S3 service may be able to extract user credentials, allowing them to impersonate the user. The vulnerable multi-part concurrent download flow, with redirect to S3, is only used when communicating with a Singularity Enterprise 1.x installation, or third party server implementing this flow. Interaction with Singularity Enterprise 2.x, and Singularity Container Services (cloud.sylabs.io), does not trigger the vulnerable flow. We encourage all users to update. Users who interact with a Singularity Enterprise 1.x installation, using a 3rd party S3 storage service, are advised to revoke and recreate their authentication tokens within Singularity Enterprise. There is no workaround available at this time.7.6https://nvd.nist.gov/vuln/detail/CVE-2022-23538
CVE-2023-2760An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.7.6https://nvd.nist.gov/vuln/detail/CVE-2023-2760
CVE-2023-22060Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Workspace accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Workspace accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Workspace. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).7.6https://nvd.nist.gov/vuln/detail/CVE-2023-22060
CVE-2021-39182EnroCrypt is a Python module for encryption and hashing. Prior to version 1.1.4, EnroCrypt used the MD5 hashing algorithm in the hashing file. Beginners who are unfamiliar with hashes can face problems as MD5 is considered an insecure hashing algorithm. The vulnerability is patched in v1.1.4 of the product. As a workaround, users can remove the `MD5` hashing function from the file `hashing.py`.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-39182
CVE-2021-41277Metabase is an open source data analytics platform. In affected versions a security issue has been discovered with the custom GeoJSON map (`admin->settings->maps->custom maps->add a map`) support and potential local file inclusion (including environment variables). URLs were not validated prior to being loaded. This issue is fixed in a new maintenance release (0.40.5 and 1.40.5), and any subsequent release after that. If you’re unable to upgrade immediately, you can mitigate this by including rules in your reverse proxy or load balancer or WAF to provide a validation filter before the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41277
CVE-2022-23223The HTTP response will disclose the user password. This issue affected Apache ShenYu 2.4.0 and 2.4.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23223
CVE-2022-23635Istio is an open platform to connect, manage, and secure microservices. In affected versions the Istio control plane, `istiod`, is vulnerable to a request processing error, allowing a malicious attacker that sends a specially crafted message which results in the control plane crashing. This endpoint is served over TLS port 15012, but does not require any authentication from the attacker. For simple installations, Istiod is typically only reachable from within the cluster, limiting the blast radius. However, for some deployments, especially [multicluster](https://istio.io/latest/docs/setup/install/multicluster/primary-remote/) topologies, this port is exposed over the public internet. There are no effective workarounds, beyond upgrading. Limiting network access to Istiod to the minimal set of clients can help lessen the scope of the vulnerability to some extent.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23635
CVE-2022-25598Apache DolphinScheduler user registration is vulnerable to Regular express Denial of Service (ReDoS) attacks, Apache DolphinScheduler users should upgrade to version 2.0.5 or higher.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25598
CVE-2022-24795yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24795
CVE-2022-27480A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27480
CVE-2022-26650In Apache ShenYui, ShenYu-Bootstrap, RegexPredicateJudge.java uses Pattern.matches(conditionData.getParamValue(), realData) to make judgments, where both parameters are controllable by the user. This can cause an attacker pass in malicious regular expressions and characters causing a resource exhaustion. This issue affects Apache ShenYu (incubating) 2.4.0, 2.4.1 and 2.4.2 and is fixed in 2.4.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26650
CVE-2021-43306An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the jquery-validation npm package, when an attacker is able to supply arbitrary input to the url2 method7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43306
CVE-2021-43307An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the semver-regex npm package, when an attacker is able to supply arbitrary input to the test() method7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43307
CVE-2021-43308An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the markdown-link-extractor npm package, when an attacker is able to supply arbitrary input to the module's exported function7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43308
CVE-2022-25763Improper Input Validation vulnerability in HTTP/2 request validation of Apache Traffic Server allows an attacker to create smuggle or cache poison attacks. This issue affects Apache Traffic Server 8.0.0 to 9.1.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25763
CVE-2022-23460Jsonxx or Json++ is a JSON parser, writer and reader written in C++. In affected versions of jsonxx json parsing may lead to stack exhaustion in an address sanitized (ASAN) build. This issue may lead to Denial of Service if the program using the jsonxx library crashes. This issue exists on the current commit of the jsonxx project and the project itself has been archived. Updates are not expected. Users are advised to find a replacement.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23460
CVE-2021-43309An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the uri-template-lite npm package, when an attacker is able to supply arbitrary input to the "URI.expand" method7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43309
CVE-2021-42522There is a Information Disclosure vulnerability in anjuta/plugins/document-manager/anjuta-bookmarks.c. This issue was caused by the incorrect use of libxml2 API. The vendor forgot to call 'g_free()' to release the return value of 'xmlGetProp()'.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42522
CVE-2021-42523There are two Information Disclosure vulnerabilities in colord, and they lie in colord/src/cd-device-db.c and colord/src/cd-profile-db.c separately. They exist because the 'err_msg' of 'sqlite3_exec' is not releasing after use, while libxml2 emphasizes that the caller needs to release it.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-42523
CVE-2022-40150Those using Jettison to parse untrusted XML or JSON data may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by Out of memory. This effect may support a denial of service attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-40150
CVE-2022-39289ZoneMinder is a free, open source Closed-circuit television software application. In affected versions the ZoneMinder API Exposes Database Log contents to user without privileges, allows insertion, modification, deletion of logs without System Privileges. Users are advised yo upgrade as soon as possible. Users unable to upgrade should disable database logging.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39289
CVE-2022-39271Traefik (pronounced traffic) is a modern HTTP reverse proxy and load balancer that assists in deploying microservices. There is a potential vulnerability in Traefik managing HTTP/2 connections. A closing HTTP/2 server connection could hang forever because of a subsequent fatal error. This failure mode could be exploited to cause a denial of service. There has been a patch released in versions 2.8.8 and 2.9.0-rc5. There are currently no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39271
CVE-2022-39313Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Versions prior to 4.10.17, and prior to 5.2.8 on the 5.x branch, crash when a file download request is received with an invalid byte range, resulting in a Denial of Service. This issue has been patched in versions 4.10.17, and 5.2.8. There are no known workarounds.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39313
CVE-2022-23486libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23486
CVE-2022-23487js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23487
CVE-2022-23492go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to upgrade their version of go-libp2p to version `0.18.1` or newer. Users unable to upgrade may consult the denial of service (dos) mitigation page for more information on how to incorporate mitigation strategies, monitor your application, and respond to attacks.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23492
CVE-2022-23505Passport-wsfed-saml2 is a ws-federation protocol and SAML2 tokens authentication provider for Passport. In versions prior to 4.6.3, a remote attacker may be able to bypass WSFed authentication on a website using passport-wsfed-saml2. A successful attack requires that the attacker is in possession of an arbitrary IDP signed assertion. Depending on the IDP used, fully unauthenticated attacks (e.g without access to a valid user) might also be feasible if generation of a signed message can be triggered. This issue is patched in version 4.6.3. Use of SAML2 authentication instead of WSFed is a workaround.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23505
CVE-2022-33324Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions "32" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "65" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions "29" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V all versions, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33324
CVE-2021-37501Buffer Overflow vulnerability in HDFGroup hdf5-h5dump 1.12.0 through 1.13.0 allows attackers to cause a denial of service via h5tools_str_sprint in /hdf5/tools/lib/h5tools_str.c.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37501
CVE-2023-0045The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set  function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall.  The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0045
CVE-2023-2156A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2156
CVE-2022-25883Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range.\r\r\r7.5https://nvd.nist.gov/vuln/detail/CVE-2022-25883
CVE-2023-34981A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for the response which in turn meant that at least one AJP proxy (mod_proxy_ajp) would use the response headers from the previous request leading to an information leak.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34981
CVE-2023-0026An Improper Input Validation vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). When a BGP update message is received over an established BGP session, and that message contains a specific, optional transitive attribute, this session will be torn down with an update message error. This issue cannot propagate beyond an affected system as the processing error occurs as soon as the update is received. This issue is exploitable remotely as the respective attribute can propagate through unaffected systems and intermediate AS (if any). Continuous receipt of a BGP update containing this attribute will create a sustained Denial of Service (DoS) condition. Some customers have experienced these BGP session flaps which prompted Juniper SIRT to release this advisory out of cycle before fixed releases are widely available as there is an effective workaround.\n\nThis issue affects:\nJuniper Networks Junos OS\n15.1R1 and later versions prior to 20.4R3-S8;\n21.1 version 21.1R1 and later versions prior to 21.2R3-S6;\n21.3 versions prior to 21.3R3-S5;\n21.4 versions prior to 21.4R3-S4;\n22.1 versions prior to 22.1R3-S4;\n22.2 versions prior to 22.2R3-S2;\n22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n22.4 versions prior to 22.4R2-S1, 22.4R3;\n23.1 versions prior to 23.1R1-S1, 23.1R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S8-EVO;\n21.1 version 21.1R1-EVO and later versions prior to 21.2R3-S6-EVO;\n21.3 versions prior to 21.3R3-S5-EVO;\n21.4 versions prior to 21.4R3-S4-EVO;\n22.1 versions prior to 22.1R3-S4-EVO;\n22.2 versions prior to 22.2R3-S2-EVO;\n22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n23.1 versions prior to 23.1R1-S1-EVO, 23.1R2-EVO.\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0026
CVE-2023-20896The VMware vCenter Server contains an out-of-bounds read vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds read by sending a specially crafted packet leading to denial-of-service of certain services (vmcad, vmdird, and vmafdd).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20896
CVE-2023-34188The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34188
CVE-2023-36301Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36301
CVE-2023-20006A vulnerability in the hardware-based SSL/TLS cryptography functionality of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Appliances could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to an implementation error within the cryptographic functions for SSL/TLS traffic processing when they are offloaded to the hardware. An attacker could exploit this vulnerability by sending a crafted stream of SSL/TLS traffic to an affected device. A successful exploit could allow the attacker to cause an unexpected error in the hardware-based cryptography engine, which could cause the device to reload.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20006
CVE-2023-20108A vulnerability in the XCP Authentication Service of the Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an unauthenticated, remote attacker to cause a temporary service outage for all Cisco Unified CM IM&amp;P users who are attempting to authenticate to the service, resulting in a denial of service (DoS) condition.\r\n\r This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted login message to the affected device. A successful exploit could allow the attacker to cause an unexpected restart of the authentication service, preventing new users from successfully authenticating. Exploitation of this vulnerability does not impact Cisco Unified CM IM&amp;P users who were authenticated prior to an attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20108
CVE-2023-36814Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on `PortalFolder` objects can lead to an unauthenticated denial of service and crash situation. The code in question is exposed by all portal software built on top of `Products.CMFCore`, such as Plone. All deployments are vulnerable. The code has been fixed in `Products.CMFCore` version 3.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36814
CVE-2023-2880Frauscher Sensortechnik GmbH FDS001 for FAdC/FAdCi v1.3.3 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS001 device.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2880
CVE-2021-46893Vulnerability of unstrict data verification and parameter check. Successful exploitation of this vulnerability may affect integrity.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46893
CVE-2023-3089A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-validated.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3089
CVE-2023-36933In Progress MOVEit Transfer before 2021.0.9 (13.0.9), 2021.1.7 (13.1.7), 2022.0.7 (14.0.7), 2022.1.8 (14.1.8), and 2023.0.4 (15.0.4), it is possible for an attacker to invoke a method that results in an unhandled exception. Triggering this workflow can cause the MOVEit Transfer application to terminate unexpectedly.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36933
CVE-2023-34457MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34457
CVE-2023-36827Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. A path traversal (directory traversal) vulnerability affects fides versions lower than version `2.15.1`, allowing remote attackers to access arbitrary files on the fides webserver container's filesystem. The vulnerability is patched in fides `2.15.1`.\n\nIf the Fides webserver API is not directly accessible to attackers and is instead deployed behind a reverse proxy as recommended in Ethyca's security best practice documentation, and the reverse proxy is an AWS application load balancer, the vulnerability can't be exploited by these attackers. An AWS application load balancer will reject this attack with a 400 error. Additionally, any secrets supplied to the container using environment variables rather than a `fides.toml` configuration file are not affected by this vulnerability.\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36827
CVE-2021-46892Encryption bypass vulnerability in Maintenance mode. Successful exploitation of this vulnerability may affect service confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46892
CVE-2022-48507Vulnerability of identity verification being bypassed in the storage module. Successful exploitation of this vulnerability may affect service confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48507
CVE-2022-48508Inappropriate authorization vulnerability in the system apps. Successful exploitation of this vulnerability may affect service integrity.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48508
CVE-2022-48514The Sepolicy module has inappropriate permission control on the use of Netlink.Successful exploitation of this vulnerability may affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48514
CVE-2022-48515Vulnerability of inappropriate permission control in Nearby. Successful exploitation of this vulnerability may affect service confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48515
CVE-2022-48516Vulnerability that a unique value can be obtained by a third-party app in the DSoftBus module. Successful exploitation of this vulnerability will affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48516
CVE-2022-48517Unauthorized service access vulnerability in the DSoftBus module. Successful exploitation of this vulnerability will affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48517
CVE-2022-48519Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48519
CVE-2022-48520Unauthorized access vulnerability in the SystemUI module. Successful exploitation of this vulnerability may affect confidentiality.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48520
CVE-2023-1691Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1691
CVE-2023-1695Vulnerability of failures to capture exceptions in the communication framework. Successful exploitation of this vulnerability may cause features to perform abnormally.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1695
CVE-2023-34164Vulnerability of incomplete input parameter verification in the communication framework module. Successful exploitation of this vulnerability may affect availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34164
CVE-2023-37239Format string vulnerability in the distributed file system. Attackers who bypass the selinux permission can exploit this vulnerability to crash the program.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37239
CVE-2023-37241Input verification vulnerability in the WMS API. Successful exploitation of this vulnerability may cause the device to restart.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37241
CVE-2021-46896Buffer Overflow vulnerability in PX4-Autopilot allows attackers to cause a denial of service via handler function handling msgid 332.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-46896
CVE-2023-36189SQL injection vulnerability in langchain v.0.0.64 allows a remote attacker to obtain sensitive information via the SQLDatabaseChain component.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36189
CVE-2023-23571An access violation vulnerability exists in the eventcore functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to denial of service. An attacker can send a network request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-23571
CVE-2023-23907A directory traversal vulnerability exists in the server.js start functionality of Milesight VPN v2.0.2. A specially-crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-23907
CVE-2023-25081Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25081
CVE-2023-25082Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25082
CVE-2023-25083Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25083
CVE-2023-25084Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25084
CVE-2023-25085Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25085
CVE-2023-25086Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25086
CVE-2023-25087Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25087
CVE-2023-25088Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the firewall_handler_set function with the index and description variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25088
CVE-2023-25089Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25089
CVE-2023-25090Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25090
CVE-2023-25091Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25091
CVE-2023-25092Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25092
CVE-2023-25093Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the class_name variable..7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25093
CVE-2023-25094Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25094
CVE-2023-25095Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25095
CVE-2023-25096Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25096
CVE-2023-25097Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the attach_class variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25097
CVE-2023-25098Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the source variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25098
CVE-2023-25099Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the dest variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25099
CVE-2023-25100Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_qos function with the default_class variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25100
CVE-2023-25101Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_key variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25101
CVE-2023-25102Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25102
CVE-2023-25103Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25103
CVE-2023-25104Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25104
CVE-2023-25105Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25105
CVE-2023-25106Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25106
CVE-2023-25107Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25107
CVE-2023-25108Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25108
CVE-2023-25109Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25109
CVE-2023-25110Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25110
CVE-2023-25111Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25111
CVE-2023-25112Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25112
CVE-2023-25113Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25113
CVE-2023-25114Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25114
CVE-2023-25115Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25115
CVE-2023-25116Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25116
CVE-2023-25117Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25117
CVE-2023-25118Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25118
CVE-2023-25119Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25119
CVE-2023-25120Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25120
CVE-2023-25121Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25121
CVE-2023-25122Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25122
CVE-2023-25123Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25123
CVE-2023-25124Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25124
CVE-2023-30323SQL Injection vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to gain sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30323
CVE-2023-30325SQL Injection vulnerability in textMessage parameter in /src/chatbotapp/chatWindow.java in wliang6 ChatEngine v.1.0, allows attackers to gain sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30325
CVE-2023-37260league/oauth2-server is an implementation of an OAuth 2.0 authorization server written in PHP. Starting in version 8.3.2 and prior to version 8.5.3, servers that passed their keys to the CryptKey constructor as as string instead of a file path will have had that key included in a LogicException message if they did not provide a valid pass phrase for the key where required. This issue has been patched so that the provided key is no longer exposed in the exception message in the scenario outlined above. Users should upgrade to version 8.5.3 to receive the patch. As a workaround, pass the key as a file instead of a string.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37260
CVE-2023-36461Mastodon is a free, open-source social network server based on ActivityPub. When performing outgoing HTTP queries, Mastodon sets a timeout on individual read operations. Prior to versions 3.5.9, 4.0.5, and 4.1.3, a malicious server can indefinitely extend the duration of the response through slowloris-type attacks. This vulnerability can be used to keep all Mastodon workers busy for an extended duration of time, leading to the server becoming unresponsive. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36461
CVE-2023-3529A vulnerability classified as problematic has been found in Rotem Dynamics Rotem CRM up to 20230729. This affects an unknown part of the file /LandingPages/api/otp/send?id=[ID][ampersand]method=sms of the component OTP URI Interface. The manipulation leads to information exposure through discrepancy. It is possible to initiate the attack remotely. The identifier VDB-233253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3529
CVE-2023-30195In the module "Detailed Order" (lgdetailedorder) in version up to 1.1.20 from Linea Grafica for PrestaShop, a guest can download personal informations without restriction formatted in json.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30195
CVE-2023-20899VMware SD-WAN (Edge) contains a bypass authentication vulnerability. An unauthenticated attacker can download the Diagnostic bundle of the application under VMware SD-WAN Management.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20899
CVE-2023-31277\n\n\n\n\nPiiGAB M-Bus transmits credentials in plaintext format.\n\n\n\n\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31277
CVE-2023-37192Memory management and protection issues in Bitcoin Core v22 allows attackers to modify the stored sending address within the app's memory, potentially allowing them to redirect Bitcoin transactions to wallets of their own choosing.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37192
CVE-2023-3534A vulnerability was found in SourceCodester Shopping Website 1.0. It has been classified as critical. Affected is an unknown function of the file check_availability.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-233286 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3534
CVE-2023-36201An issue in JerryscriptProject jerryscript v.3.0.0 allows an attacker to obtain sensitive information via a crafted script to the arrays.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36201
CVE-2021-33796In MuJS before version 1.1.2, a use-after-free flaw in the regexp source property access may cause denial of service.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2021-33796
CVE-2021-32494Radare2 has a division by zero vulnerability in Mach-O parser's rebase_buffer function. This allow attackers to create malicious inputs that can cause denial of service.\n\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32494
CVE-2023-3553Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository nilsteampassnet/teampass prior to 3.0.10.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3553
CVE-2023-37288SmartBPM.NET component has a vulnerability of path traversal within its file download function. An unauthenticated remote attacker can exploit this vulnerability to access arbitrary system files.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37288
CVE-2023-0359A missing nullptr-check in handle_ra_input can cause a nullptr-deref.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0359
CVE-2023-27540IBM Watson CP4D Data Stores 4.6.0 does not properly allocate resources without limits or throttling which could allow a remote attacker with information specific to the system to cause a denial of service. IBM X-Force ID: 248924.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27540
CVE-2023-30442IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30442
CVE-2023-30445\nIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30445
CVE-2023-30446IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: \n\n253361\n\n.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30446
CVE-2023-30447IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30447
CVE-2023-30448\nIBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30448
CVE-2023-30449\nIBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30449
CVE-2023-35696\nUnauthenticated endpoints in the SICK ICR890-4 could allow an unauthenticated\nremote attacker to retrieve sensitive information about the device via HTTP requests.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35696
CVE-2023-35697\nImproper Restriction of Excessive Authentication Attempts in the SICK ICR890-4\ncould allow a remote attacker to brute-force user credentials.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35697
CVE-2023-3270Exposure of Sensitive Information to an Unauthorized Actor in the SICK ICR890-4 could allow an unauthenticated remote attacker to retrieve sensitive information about the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3270
CVE-2023-34316?An attacker could bypass the latest Delta Electronics InfraSuite Device Master (versions prior to 1.0.7) patch, which could allow an attacker to retrieve file contents.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34316
CVE-2023-24487Arbitrary file read in Citrix ADC and Citrix Gateway?7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24487
CVE-2023-36917SAP BusinessObjects Business Intelligence Platform - version 420, 430, allows an unauthorized attacker who had hijacked a user session, to be able to bypass the victim’s old password via brute force, due to unrestricted rate limit for password change functionality. Although the attack has no impact on integrity loss or system availability, this could lead to an attacker to completely takeover a victim’s account.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36917
CVE-2023-31818An issue found in Marukyu Line v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31818
CVE-2023-36293SQL injection vulnerability in wmanager v.1.0.7 and before allows a remote attacker to obtain sensitive information via a crafted script to the company.php component.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36293
CVE-2023-32034Remote Procedure Call Runtime Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32034
CVE-2023-32035Remote Procedure Call Runtime Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32035
CVE-2023-32042OLE Automation Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32042
CVE-2023-32044Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32044
CVE-2023-32045Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32045
CVE-2023-32084HTTP.sys Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32084
CVE-2023-33163Windows Network Load Balancing Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33163
CVE-2023-33165Microsoft SharePoint Server Security Feature Bypass Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33165
CVE-2023-33166Remote Procedure Call Runtime Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33166
CVE-2023-33172Remote Procedure Call Runtime Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33172
CVE-2023-35297Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35297
CVE-2023-35298HTTP.sys Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35298
CVE-2023-35309Microsoft Message Queuing Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35309
CVE-2023-35325Windows Print Spooler Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35325
CVE-2023-35330Windows Extended Negotiation Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35330
CVE-2023-35333MediaWiki PandocUpload Extension Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35333
CVE-2023-35338Windows Peer Name Resolution Protocol Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35338
CVE-2023-35339Windows CryptoAPI Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35339
CVE-2023-35352Windows Remote Desktop Security Feature Bypass Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35352
CVE-2023-3525The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass due to missing validation on the 'webhook' function in versions up to, and including, 0.0.4. This makes it possible for unauthenticated attackers to set their payment status to 'APPROVED' without payment.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3525
CVE-2023-29298Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29298
CVE-2023-29301Adobe ColdFusion versions 2018u16 (and earlier), 2021u6 (and earlier) and 2023.0.0.330468 (and earlier) are affected by an Improper Restriction of Excessive Authentication Attempts vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the confidentiality of the user. Exploitation of this issue does not require user interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29301
CVE-2023-36831An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system.\n\nThe jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n\nThis issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36831
CVE-2023-36832An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue.\n\nThis issue affects Juniper Networks Junos OS on MX Series:\nAll versions prior to 19.1R3-S10;\n19.2 versions prior to 19.2R3-S7;\n19.3 versions prior to 19.3R3-S8;\n19.4 versions prior to 19.4R3-S12;\n20.2 versions prior to 20.2R3-S8;\n20.4 versions prior to 20.4R3-S7;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S5;\n21.3 versions prior to 21.3R3-S4;\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S2;\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2-S1, 22.3R3;\n22.4 versions prior to 22.4R1-S2, 22.4R2.\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36832
CVE-2023-28985An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition.\n\nOn all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core.\n\nThis issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598.\n\nIn order to identify the current SigPack version, following command can be used:\n\nuser@junos# show security idp security-package-version7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28985
CVE-2023-36835An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS).\n\nIf a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is rebooted to recover.\n\nThis issue affects Juniper Networks Junos OS on QFX10000:\n20.3 version 20.3R1 and later versions;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S5;\n21.3 versions prior to 21.3R3-S4;\n21.4 versions prior to 21.4R3-S1;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R1-S2, 22.3R2.\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36835
CVE-2023-3714The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3714
CVE-2023-22047Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22047
CVE-2023-36749A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The webserver of the affected devices support insecure TLS 1.0 protocol. An attacker could achieve a man-in-the-middle attack and compromise confidentiality and integrity of data.7.4https://nvd.nist.gov/vuln/detail/CVE-2023-36749
CVE-2023-21526Windows Netlogon Information Disclosure Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2023-21526
CVE-2023-20185A vulnerability in the Cisco ACI Multi-Site CloudSec encryption feature of Cisco Nexus 9000 Series Fabric Switches in ACI mode could allow an unauthenticated, remote attacker to read or modify intersite encrypted traffic.\r\n\r This vulnerability is due to an issue with the implementation of the ciphers that are used by the CloudSec encryption feature on affected switches. An attacker with an on-path position between the ACI sites could exploit this vulnerability by intercepting intersite encrypted traffic and using cryptanalytic techniques to break the encryption. A successful exploit could allow the attacker to read or modify the traffic that is transmitted between the sites.\r\n\r Cisco has not released and will not release software updates that address this vulnerability.7.4https://nvd.nist.gov/vuln/detail/CVE-2023-20185
CVE-2023-36456authentik is an open-source Identity Provider. Prior to versions 2023.4.3 and 2023.5.5, authentik does not verify the source of the X-Forwarded-For and X-Real-IP headers, both in the Python code and the go code. Only authentik setups that are directly accessible by users without a reverse proxy are susceptible to this. Possible spoofing of IP addresses in logs, downstream applications proxied by (built in) outpost, IP bypassing in custom flows if used.\n\nThis poses a possible security risk when someone has flows or policies that check the user's IP address, e.g. when they want to ignore the user's 2 factor authentication when the user is connected to the company network. A second security risk is that the IP addresses in the logfiles and user sessions are not reliable anymore. Anybody can spoof this address and one cannot verify that the user has logged in from the IP address that is in their account's log. A third risk is that this header is passed on to the proxied application behind an outpost. The application may do any kind of verification, logging, blocking or rate limiting based on the IP address, and this IP address can be overridden by anybody that want to.\n\nVersions 2023.4.3 and 2023.5.5 contain a patch for this issue.\n7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36456
CVE-2023-32054Volume Shadow Copy Elevation of Privilege Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-32054
CVE-2022-46333The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2022-46333
CVE-2022-4722Authentication Bypass by Primary Weakness in GitHub repository ikus060/rdiffweb prior to 2.5.5.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-4722
CVE-2021-41143OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, Magento admin users with access to the customer media could execute code on the server. Versions 19.4.22 and 20.0.19 contain a patch for this issue.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-41143
CVE-2023-22365An OS command injection vulnerability exists in the ys_thirdparty check_system_user functionality of Milesight UR32L v32.3.0.5. A specially crafted set of network packets can lead to command execution. An attacker can send a network request to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-22365
CVE-2023-22659An os command injection vulnerability exists in the libzebra.so change_hostname functionality of Milesight UR32L v32.3.0.5. A specially-crafted network packets can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-22659
CVE-2023-23550An OS command injection vulnerability exists in the ys_thirdparty user_delete functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to command execution. An attacker can send a sequence of requests to trigger this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23550
CVE-2023-25582Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages an already existing vlan configuration.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25582
CVE-2023-25583Two OS command injection vulnerabilities exist in the zebra vlan_name functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to command execution. An attacker can send a network request to trigger these vulnerabilities.This command injection is in the code branch that manages a new vlan configuration.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25583
CVE-2023-36992PHP injection in TravianZ 8.3.4 and 8.3.3 in the config editor in the admin page allows remote attackers to execute PHP code.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36992
CVE-2023-3551Code Injection in GitHub repository nilsteampassnet/teampass prior to 3.0.10.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3551
CVE-2021-42081An authenticated administrator is allowed to remotely execute arbitrary shell commands via the API.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-42081
CVE-2021-4406An administrator is able to execute commands as root via the alerts management dialog7.2https://nvd.nist.gov/vuln/detail/CVE-2021-4406
CVE-2023-1208This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1208
CVE-2023-29095Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-29095
CVE-2023-2493The All In One Redirection WordPress plugin before 2.2.0 does not properly sanitise and escape multiple parameters before using them in an SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-2493
CVE-2023-36921SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36921
CVE-2023-36925SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can reach.\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36925
CVE-2023-23777An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiWeb version 7.0.1 and below, 6.4 all versions, version 6.3.18 and below may allow a privileged attacker to execute arbitrary bash commands via crafted cli backup parameters.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23777
CVE-2023-36750A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The software-upgrade Url parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36750
CVE-2023-36751A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The install-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36751
CVE-2023-36752A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The upgrade-app URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36752
CVE-2023-36753A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The uninstall-app App-name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36753
CVE-2023-36754A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP server configuration URL parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36754
CVE-2023-36755A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The SCEP CA Certificate Name parameter in the web interface of affected devices is vulnerable to command injection due to missing server side input sanitation. This could allow an authenticated privileged remote attacker to execute arbitrary code with root privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-36755
CVE-2023-32033Microsoft Failover Cluster Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2023-32033
CVE-2023-35350Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2023-35350
CVE-2023-3023The WP EasyCart plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in versions up to, and including, 5.4.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level or above permissions, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3023
CVE-2023-3135The Mailtree Log Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3135
CVE-2023-3158The Mail Control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 0.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3158
CVE-2023-3166The Lana Email Logger plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, Lana Email Logger due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3166
CVE-2023-3167The Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3167
CVE-2023-3168The WP Reroute Email plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3168
CVE-2023-3459The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3459
CVE-2021-4204An out-of-bounds (OOB) memory access flaw was found in the Linux kernel's eBPF due to an Improper Input Validation. This flaw allows a local attacker with a special privilege to crash the system or leak internal information.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-4204
CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process.\n\nThe exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`.\n\nVersion 2.4.6 has a patch for this issue.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-34241
CVE-2023-29241Improper Information in Cybersecurity Guidebook in Bosch Building Integration System (BIS) 5.0 may lead to wrong configuration which allows local users to access data via network7.1https://nvd.nist.gov/vuln/detail/CVE-2023-29241
CVE-2023-25517\nNVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where a guest OS may be able to control resources for which it is not authorized, which may lead to information disclosure and data tampering.\n\n7.1https://nvd.nist.gov/vuln/detail/CVE-2023-25517
CVE-2023-30643Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-30643
CVE-2023-3523Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.2.2.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-3523
CVE-2023-35347Microsoft Install Service Elevation of Privilege Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-35347
CVE-2023-32050Windows Installer Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-32050
CVE-2023-33156Microsoft Defender Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-33156
CVE-2023-35360Windows Kernel Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-35360
CVE-2023-35361Windows Kernel Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-35361
CVE-2023-27198PAX A930 device with PayDroid_7.1.1_Virgo_V04.5.02_20220722 can allow the execution of arbitrary commands by using the exec service and including a specific word in the command to be executed. The attacker must have physical USB access to the device in order to exploit this vulnerability.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-27198
CVE-2023-36748A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The affected devices are configured to offer weak ciphers by default. This could allow an unauthorized attacker in a man-in-the-middle position to read and modify any data\r\npassed over to and from the affected device.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-36748
CVE-2023-29347Windows Admin Center Spoofing Vulnerability6.8https://nvd.nist.gov/vuln/detail/CVE-2023-29347
CVE-2023-32043Windows Remote Desktop Security Feature Bypass Vulnerability6.8https://nvd.nist.gov/vuln/detail/CVE-2023-32043
CVE-2023-35332Windows Remote Desktop Protocol Security Feature Bypass6.8https://nvd.nist.gov/vuln/detail/CVE-2023-35332
CVE-2023-27199PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-27199
CVE-2023-32055Active Template Library Elevation of Privilege Vulnerability6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32055
CVE-2023-35310Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-35310
CVE-2023-35344Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-35344
CVE-2023-35345Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-35345
CVE-2023-35346Windows DNS Server Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-35346
CVE-2023-35351Windows Active Directory Certificate Services (AD CS) Remote Code Execution Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-35351
CVE-2021-41115Zulip is an open source team chat server. In affected versions Zulip allows organization administrators on a server to configure "linkifiers" that automatically create links from messages that users send, detected via arbitrary regular expressions. Malicious organization administrators could subject the server to a denial-of-service via regular expression complexity attacks; most simply, by configuring a quadratic-time regular expression in a linkifier, and sending messages that exploited it. A regular expression attempted to parse the user-provided regexes to verify that they were safe from ReDoS -- this was both insufficient, as well as _itself_ subject to ReDoS if the organization administrator entered a sufficiently complex invalid regex. Affected users should [upgrade to the just-released Zulip 4.7](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-to-a-release), or [`main`](https://zulip.readthedocs.io/en/latest/production/upgrade-or-modify.html#upgrading-from-a-git-repository).6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41115
CVE-2021-41564Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41564
CVE-2021-41168Snudown is a reddit-specific fork of the Sundown Markdown parser used by GitHub, with Python integration added. In affected versions snudown was found to be vulnerable to denial of service attacks to its reference table implementation. References written in markdown ` [reference_name]: https://www.example.com` are inserted into a hash table which was found to have a weak hash function, meaning that an attacker can reliably generate a large number of collisions for it. This makes the hash table vulnerable to a hash-collision DoS attack, a type of algorithmic complexity attack. Further the hash table allowed for duplicate entries resulting in long retrieval times. Proofs of concept and further discussion of the hash collision issue are discussed on the snudown GHSA(https://github.com/reddit/snudown/security/advisories/GHSA-6gvv-9q92-w5f6). Users are advised to update to version 1.7.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41168
CVE-2021-41571In Apache Pulsar it is possible to access data from BookKeeper that does not belong to the topics accessible by the authenticated user. The Admin API get-message-by-id requires the user to input a topic and a ledger id. The ledger id is a pointer to the data, and it is supposed to be a valid it for the topic. Authorisation controls are performed against the topic name and there is not proper validation the that ledger id is valid in the context of such ledger. So it may happen that the user is able to read from a ledger that contains data owned by another tenant. This issue affects Apache Pulsar Apache Pulsar version 2.8.0 and prior versions; Apache Pulsar version 2.7.3 and prior versions; Apache Pulsar version 2.6.4 and prior versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41571
CVE-2022-23572Tensorflow is an Open Source Machine Learning Framework. Under certain scenarios, TensorFlow can fail to specialize a type during shape inference. This case is covered by the `DCHECK` function however, `DCHECK` is a no-op in production builds and an assertion failure in debug builds. In the first case execution proceeds to the `ValueOrDie` line. This results in an assertion failure as `ret` contains an error `Status`, not a value. In the second case we also get a crash due to the assertion failure. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, and TensorFlow 2.6.3, as these are also affected and still in supported range.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23572
CVE-2022-23580Tensorflow is an Open Source Machine Learning Framework. During shape inference, TensorFlow can allocate a large vector based on a value from a tensor controlled by the user. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23580
CVE-2022-23583Tensorflow is an Open Source Machine Learning Framework. A malicious user can cause a denial of service by altering a `SavedModel` such that any binary op would trigger `CHECK` failures. This occurs when the protobuf part corresponding to the tensor arguments is modified such that the `dtype` no longer matches the `dtype` expected by the op. In that case, calling the templated binary operator for the binary op would receive corrupted data, due to the type confusion involved. If `Tin` and `Tout` don't match the type of data in `out` and `input_*` tensors then `flat<*>` would interpret it wrongly. In most cases, this would be a silent failure, but we have noticed scenarios where this results in a `CHECK` crash, hence a denial of service. The fix will be included in TensorFlow 2.8.0. We will also cherrypick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-23583
CVE-2022-28135Jenkins instant-messaging Plugin 1.41 and earlier stores passwords for group chats unencrypted in the global configuration file of plugins based on Jenkins instant-messaging Plugin on the Jenkins controller where they can be viewed by users with access to the Jenkins controller file system.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-28135
CVE-2022-39254matrix-nio is a Python Matrix client library, designed according to sans I/O principles. Prior to version 0.20, when a users requests a room key from their devices, the software correctly remember the request. Once they receive a forwarded room key, they accept it without checking who the room key came from. This allows homeservers to try to insert room keys of questionable validity, potentially mounting an impersonation attack. Version 0.20 fixes the issue.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-39254
CVE-2021-4287A vulnerability, which was classified as problematic, was found in ReFirm Labs binwalk up to 2.3.2. Affected is an unknown function of the file src/binwalk/modules/extractor.py of the component Archive Extraction Handler. The manipulation leads to symlink following. It is possible to launch the attack remotely. Upgrading to version 2.3.3 is able to address this issue. The name of the patch is fa0c0bd59b8588814756942fe4cb5452e76c1dcd. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-216876.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-4287
CVE-2023-28180A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28180
CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33460
CVE-2023-34246Doorkeeper is an OAuth 2 provider for Ruby on Rails / Grape. Prior to version 5.6.6, Doorkeeper automatically processes authorization requests without user consent for public clients that have been previous approved. Public clients are inherently vulnerable to impersonation, their identity cannot be assured. This issue is fixed in version 5.6.6.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34246
CVE-2023-20105A vulnerability in the change password functionality of Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an authenticated, remote attacker with Read-only credentials to elevate privileges to Administrator on an affected system.\r\n\r This vulnerability is due to incorrect handling of password change requests. An attacker could exploit this vulnerability by authenticating to the application as a Read-only user and sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to alter the passwords of any user on the system, including an administrative user, and then impersonate that user.\r\n\r Note: Cisco Expressway Series refers to the Expressway Control (Expressway-C) device and the Expressway Edge (Expressway-E) device.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20105
CVE-2023-20136A vulnerability in the OpenAPI of Cisco Secure Workload could allow an authenticated, remote attacker with the privileges of a read-only user to execute operations that should require Administrator privileges. The attacker would need valid user credentials.\r\n\r This vulnerability is due to improper role-based access control (RBAC) of certain OpenAPI operations. An attacker could exploit this vulnerability by issuing a crafted OpenAPI function call with valid credentials. A successful exploit could allow the attacker to execute OpenAPI operations that are reserved for the Administrator user, including the creation and deletion of user labels.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20136
CVE-2023-36810pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36810
CVE-2023-2727Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2727
CVE-2023-2728Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2728
CVE-2023-37207A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 115, Firefox ESR < 102.13, and Thunderbird < 102.13.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37207
CVE-2023-34472AMI SPx contains a vulnerability in the BMC where an Attacker may cause an improper neutralization of CRLF sequences in HTTP Headers. A successful exploit of this vulnerability may lead to a loss of integrity.\n\n\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34472
CVE-2023-30674Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30674
CVE-2023-23547A directory traversal vulnerability exists in the luci2-io file-export mib functionality of Milesight UR32L v32.3.0.5. A specially crafted network request can lead to arbitrary file read. An attacker can send a network request to trigger this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23547
CVE-2023-35765\n\n\n\n\n\n\n\n\nPiiGAB M-Bus stores credentials in a plaintext file, which could allow a low-level user to gain admin credentials.\n\n\n\n\n\n\n\n\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35765
CVE-2021-33798A null pointer dereference was found in libpano13, version libpano13-2.9.20. The flow allows attackers to cause a denial of service and potential code execute via a crafted file.\n\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2021-33798
CVE-2023-36256The Online Examination System Project 1.0 version is vulnerable to Cross-Site Request Forgery (CSRF) attacks. An attacker can craft a malicious link that, when clicked by an admin user, will delete a user account from the database without the admin's consent. The email of the user to be deleted is passed as a parameter in the URL, which can be manipulated by the attacker. This could result in a loss of data.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36256
CVE-2023-28955IBM Watson Knowledge Catalog on Cloud Pak for Data 4.0 could allow an authenticated user send a specially crafted request that could cause a denial of service. IBM X-Force ID: 251704.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28955
CVE-2023-29256IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29256
CVE-2023-37391Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37391
CVE-2023-36687Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36687
CVE-2023-23671Cross-Site Request Forgery (CSRF) vulnerability in Muneeb Layer Slider plugin <= 1.1.9.7 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23671
CVE-2023-34185Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34185
CVE-2023-35047Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35047
CVE-2023-35778Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35778
CVE-2023-35780Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35780
CVE-2023-24417Cross-Site Request Forgery (CSRF) vulnerability in tiggersWelt.Net Worthy plugin <= 1.6.5-6497609 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24417
CVE-2023-25443Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Button Generator – easily Button Builder plugin <= 2.3.5 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-25443
CVE-2023-25706Cross-Site Request Forgery (CSRF) vulnerability in Pagup WordPress Robots.Txt optimization plugin <= 1.4.5 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-25706
CVE-2023-32104Cross-Site Request Forgery (CSRF) vulnerability in Mark Tilly MyCurator Content Curation plugin <= 3.74 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32104
CVE-2023-34029Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34029
CVE-2023-24881Microsoft Teams Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-24881
CVE-2023-32037Windows Layer-2 Bridge Network Driver Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32037
CVE-2023-33151Microsoft Outlook Spoofing Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33151
CVE-2023-33164Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33164
CVE-2023-33167Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33167
CVE-2023-33168Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33168
CVE-2023-33169Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33169
CVE-2023-33173Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33173
CVE-2023-35296Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35296
CVE-2023-35308Windows MSHTML Platform Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35308
CVE-2023-35314Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35314
CVE-2023-35316Remote Procedure Call Runtime Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35316
CVE-2023-35318Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35318
CVE-2023-35319Remote Procedure Call Runtime Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35319
CVE-2023-35321Windows Deployment Services Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35321
CVE-2023-35329Windows Authentication Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35329
CVE-2023-35331Windows Local Security Authority (LSA) Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35331
CVE-2023-35348Active Directory Federation Service Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35348
CVE-2023-36868Azure Service Fabric on Windows Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36868
CVE-2023-36871Azure Active Directory Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36871
CVE-2023-3011The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3011
CVE-2023-36833A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS).\n\nThe process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service.\n\nAn indication that the system experienced this issue is the following log message:\n\n  <date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes\n\n\n\n\nThis issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202:\n21.2 version 21.2R1-EVO and later versions;\n21.3 version 21.3R1-EVO and later versions;\n21.4 versions prior to 21.4R3-S3-EVO;\n22.1 version 22.1R1-EVO and later versions;\n22.2 versions prior to 22.2R3-S2-EVO;\n22.3 versions prior to 22.3R3-EVO;\n22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.\n\n\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36833
CVE-2023-36834An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS).\n\nIf an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted.\n\nThis issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series:\n20.1 version 20.1R1 and later versions;\n20.2 versions prior to 20.2R3-S7;\n20.3 version 20.3R1 and later versions;\n20.4 versions prior to 20.4R3-S7;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S3;\n21.4 versions prior to 21.4R3-S1;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R1-S1, 22.3R2.\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36834
CVE-2023-36848An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nWhen a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface.\n\nThis issue affects Juniper Networks Junos OS:\nversions prior to 19.1R3-S10 on MX Series;\n19.2 versions prior to 19.2R3-S7 on MX Series;\n19.3 versions prior to 19.3R3-S8 on MX Series;\n19.4 versions prior to 19.4R3-S12 on MX Series;\n20.1 version 20.1R1 and later versions on MX Series;\n20.2 versions prior to 20.2R3-S8 on MX Series;\n20.3 version 20.3R1 and later versions on MX Series;\n20.4 versions prior to 20.4R3-S7 on MX Series;\n21.1 versions prior to 21.1R3-S5 on MX Series;\n21.2 versions prior to 21.2R3-S5 on MX Series;\n21.3 versions prior to 21.3R3-S4 on MX Series;\n21.4 versions prior to 21.4R3-S4 on MX Series;\n22.1 versions prior to 22.1R3-S3 on MX Series;\n22.2 versions prior to 22.2R3-S1 on MX Series;\n22.3 versions prior to 22.3R3 on MX Series;\n22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36848
CVE-2023-36849An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS).\n\nWhen a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service.\n\nThis issue affects:\nJuniper Networks Junos OS\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S3;\n22.2 versions prior to 22.2R2-S1, 22.2R3;\n22.3 versions prior to 22.3R2.\n\nJuniper Networks Junos OS Evolved\n21.4-EVO versions prior to 21.4R3-S2-EVO;\n22.1-EVO versions prior to 22.1R3-S3-EVO;\n22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO;\n22.3-EVO versions prior to 22.3R2-EVO.\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36849
CVE-2023-36850An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management(CFM) module of Juniper Networks Junos OS on MX Series(except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service(DoS).\n\nUpon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured.\n\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 19.1R3-S10 on MX Series;\n19.2 versions prior to 19.2R3-S7 on MX Series;\n19.3 versions prior to 19.3R3-S8 on MX Series;\n19.4 versions prior to 19.4R3-S12 on MX Series;\n20.1 version 20.1R1 and later versions on MX Series;\n20.2 versions prior to 20.2R3-S7 on MX Series;\n20.3 version 20.3R1 and later versions on MX Series;\n20.4 versions prior to 20.4R3-S7 on MX Series;\n21.1 versions prior to 21.1R3-S5 on MX Series;\n21.2 versions prior to 21.2R3-S4 on MX Series;\n21.3 versions prior to 21.3R3-S4 on MX Series;\n21.4 versions prior to 21.4R3-S3 on MX Series;\n22.1 versions prior to 22.1R3-S2 on MX Series;\n22.2 versions prior to 22.2R3 on MX Series;\n22.3 versions prior to 22.3R2, 22.3R3 on MX Series;\n22.4 versions prior to 22.4R2 on MX Series.\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36850
CVE-2023-34140A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34140
CVE-2023-21994Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-21994
CVE-2023-22022Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Supported versions that are affected are 3.1.0.2, 3.1.1.3 and 3.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22022
CVE-2023-22037Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22037
CVE-2023-22040Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22040
CVE-2023-2082The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions, and above to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-2082
CVE-2023-2433The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-2433
CVE-2022-23563Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses `tempfile.mktemp` to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in `mktemp` and the actual creation of the file by a subsequent operation (a TOC/TOU type of weakness). In several instances, TensorFlow was supposed to actually create a temporary directory instead of a file. This logic bug is hidden away by the `mktemp` function usage. We have patched the issue in several commits, replacing `mktemp` with the safer `mkstemp`/`mkdtemp` functions, according to the usage pattern. Users are advised to upgrade as soon as possible.6.3https://nvd.nist.gov/vuln/detail/CVE-2022-23563
CVE-2023-36888Microsoft Edge for Android (Chromium-based) Tampering Vulnerability6.3https://nvd.nist.gov/vuln/detail/CVE-2023-36888
CVE-2022-40743Improper Input Validation vulnerability for the xdebug plugin in Apache Software Foundation Apache Traffic Server can lead to cross site scripting and cache poisoning attacks.This issue affects Apache Traffic Server: 9.0.0 to 9.1.3. Users should upgrade to 9.1.4 or later versions.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2022-40743
CVE-2023-1996A reflected Cross-site Scripting (XSS) vulnerability in Release 3DEXPERIENCE R2018x through Release 3DEXPERIENCE R2023x allows an attacker to execute arbitrary script code.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1996
CVE-2023-20119A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, formerly known as Content Security Management Appliance (SMA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-20119
CVE-2023-3139The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3139
CVE-2023-29656An improper authorization vulnerability in Darktrace mobile app (Android) prior to version 6.0.15 allows disabled and low-privilege users to control "antigena" actions(block/unblock traffic) from the mobile application. This vulnerability could create a "shutdown", blocking all ingress or egress traffic in the entire infrastructure where darktrace agents are deployed.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29656
CVE-2023-26137All versions of the package drogonframework/drogon are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values in the addHeader and addCookie functions. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26137
CVE-2023-36995TravianZ through 8.3.4 allows XSS via the Alliance tag/name, the statistics page, the link preferences, the Admin Logs, or the COOKUSR cookie.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36995
CVE-2023-30326Cross Site Scripting (XSS) vulnerability in username field in /WebContent/WEB-INF/lib/chatbox.jsp in wliang6 ChatEngine commit fded8e710ad59f816867ad47d7fc4862f6502f3e, allows attackers to execute arbitrary code.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30326
CVE-2023-35948Novu provides an API for sending notifications through multiple channels. Versions prior to 0.16.0 contain an open redirect vulnerability in the "Sign In with GitHub" functionality of Novu's open-source repository. It could have allowed an attacker to force a victim into opening a malicious URL and thus, potentially log into the repository under the victim's account gaining full control of the account. This vulnerability only affected the Novu Cloud and Open-Source deployments if the user manually enabled the GitHub OAuth on their self-hosted instance of Novu. Users should upgrade to version 0.16.0 to receive a patch.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-35948
CVE-2023-36823Sanitize is an allowlist-based HTML and CSS sanitizer. Using carefully crafted input, an attacker may be able to sneak arbitrary HTML and CSS through Sanitize starting with version 3.0.0 and prior to version 6.0.2 when Sanitize is configured to use the built-in "relaxed" config or when using a custom config that allows `style` elements and one or more CSS at-rules. This could result in cross-site scripting or other undesired behavior when the malicious HTML and CSS are rendered in a browser. Sanitize 6.0.2 performs additional escaping of CSS in `style` element content, which fixes this issue. Users who are unable to upgrade can prevent this issue by using a Sanitize config that doesn't allow `style` elements, using a Sanitize config that doesn't allow CSS at-rules, or by manually escaping the character sequence `</` as `<\\/` in `style` element content.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36823
CVE-2023-1298ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1298
CVE-2023-36459Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 1.3 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker using carefully crafted oEmbed data can bypass the HTML sanitization performed by Mastodon and include arbitrary HTML in oEmbed preview cards. This introduces a vector for cross-site scripting (XSS) payloads that can be rendered in the user's browser when a preview card for a malicious link is clicked through. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36459
CVE-2023-32652\n\n\n\n\n\n\n\n\nPiiGAB M-Bus does not validate identification strings before processing, which could make it vulnerable to cross-site scripting attacks.\n\n\n\n\n\n\n\n\n\n\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-32652
CVE-2023-3535A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233287.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3535
CVE-2023-3536A vulnerability was found in SimplePHPscripts Funeral Script PHP 3.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233288.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3536
CVE-2023-3537A vulnerability classified as problematic has been found in SimplePHPscripts News Script PHP Pro 2.4. This affects an unknown part of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233289 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3537
CVE-2023-3539A vulnerability, which was classified as problematic, has been found in SimplePHPscripts Simple Forum PHP 2.7. This issue affects some unknown processing of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233291.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3539
CVE-2023-3540A vulnerability, which was classified as problematic, was found in SimplePHPscripts NewsLetter Script PHP 2.4. Affected is an unknown function of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233292.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3540
CVE-2023-3541A vulnerability has been found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /author_posts.php. The manipulation of the argument author with the input g6g12--redacted--o8sdm leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233293 was assigned to this vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3541
CVE-2023-3542A vulnerability was found in ThinuTech ThinuCMS 1.5 and classified as problematic. Affected by this issue is some unknown functionality of the file /contact.php. The manipulation of the argument name/body leads to cross site scripting. The attack may be launched remotely. VDB-233294 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3542
CVE-2023-3543A vulnerability was found in GZ Scripts Availability Booking Calendar PHP 1.8. It has been classified as problematic. This affects an unknown part of the file load.php of the component HTTP POST Request Handler. The manipulation of the argument cid/first_name/second_name/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233295. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3543
CVE-2023-3544A vulnerability was found in GZ Scripts Time Slot Booking Calendar PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233296. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3544
CVE-2022-4361Keycloak, an open-source identity and access management solution, has a cross-site scripting (XSS) vulnerability in the SAML or OIDC providers. The vulnerability can allow an attacker to execute malicious scripts by setting the AssertionConsumerServiceURL value or the redirect_uri.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4361
CVE-2015-10119A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is named bf914f3a59063fa4df8fd4925ae18a5d852396d7. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-233363.6.1https://nvd.nist.gov/vuln/detail/CVE-2015-10119
CVE-2015-10120A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of the file includes/WDS_Multisite_Aggregate_Options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 49e0bbcb6ff70e561365d9e0d26426598f63ca12. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-233364.6.1https://nvd.nist.gov/vuln/detail/CVE-2015-10120
CVE-2015-10121A vulnerability has been found in Beeliked Microsite Plugin up to 1.0.1 on WordPress and classified as problematic. Affected by this vulnerability is the function embed_handler of the file beelikedmicrosite.php. The manipulation leads to cross site scripting. The attack can be launched remotely. Upgrading to version 1.0.2 is able to address this issue. The identifier of the patch is d23bafb5d05fb2636a2b78331f9d3fca152903dc. It is recommended to upgrade the affected component. The identifier VDB-233365 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2015-10121
CVE-2021-42080An attacker is able to launch a Reflected XSS attack using a crafted URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-42080
CVE-2023-1119The WP-Optimize WordPress plugin before 3.2.13, SrbTransLatin WordPress plugin through 2.4 use a third-party library that removes the escaping on some HTML characters, leading to a Cross-Site Scripting vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1119
CVE-2023-1780The Companion Sitemap Generator WordPress plugin before 4.5.3 does not sanitise and escape some parameters before outputting them back in pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1780
CVE-2023-2853Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Softmed SelfPatron allows Reflected XSS.This issue affects SelfPatron : before 2.0.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2853
CVE-2023-37150Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37150
CVE-2023-37153KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37153
CVE-2023-3118The Export All URLs WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3118
CVE-2023-3554A vulnerability was found in GZ Scripts GZ Forum Script 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /preview.php. The manipulation of the argument catid/topicid/topic/topic_message/free_name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233348. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3554
CVE-2023-3555A vulnerability was found in GZ Scripts PHP Vacation Rental Script 1.8. It has been classified as problematic. This affects an unknown part of the file /preview.php. The manipulation of the argument page/layout/sort_by/property_id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-233349 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3555
CVE-2023-3556A vulnerability was found in GZ Scripts Car Listing Script PHP 1.8. It has been declared as problematic. This vulnerability affects unknown code of the file /preview.php. The manipulation of the argument page/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-233350 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3556
CVE-2023-3557A vulnerability was found in GZ Scripts Property Listing Script 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /preview.php. The manipulation of the argument page/layout/sort_by leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-233351. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3557
CVE-2023-3559A vulnerability classified as problematic was found in GZ Scripts PHP GZ Appointment Scheduling Script 1.8. Affected by this vulnerability is an unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack can be launched remotely. The identifier VDB-233353 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3559
CVE-2023-3560A vulnerability, which was classified as problematic, has been found in GZ Scripts Ticket Booking Script 1.8. Affected by this issue is some unknown functionality of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. The attack may be launched remotely. VDB-233354 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3560
CVE-2023-3561A vulnerability, which was classified as problematic, was found in GZ Scripts PHP GZ Hotel Booking Script 1.8. This affects an unknown part of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-233355. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3561
CVE-2023-3562A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-233356. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3562
CVE-2023-3563A vulnerability was found in GZ Scripts GZ E Learning Platform 1.8 and classified as problematic. This issue affects some unknown processing of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-233357 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3563
CVE-2023-3564A vulnerability was found in GZ Scripts GZ Multi Hotel Booking System 1.8. It has been classified as problematic. Affected is an unknown function of the file /index.php. The manipulation of the argument adults/children/cal_id leads to cross site scripting. It is possible to launch the attack remotely. VDB-233358 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3564
CVE-2023-36936Cross-Site Scripting (XSS) vulnerability in PHPGurukul Online Security Guards Hiring System using PHP and MySQL 1.0 allows attackers to execute arbitrary code via a crafted payload to the search booking box.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36936
CVE-2023-36939Cross-Site Scripting (XSS) vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the search booking field.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36939
CVE-2023-33988In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-33988
CVE-2023-36918In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36918
CVE-2023-36386A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response without sanitization while throwing an\r\n“invalid params element name” error on the get_elements parameters.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36386
CVE-2023-36389A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The malformed value is reflected\r\ndirectly in the response without sanitization while throwing an “invalid path” error.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36389
CVE-2023-36390A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected application that could allow an attacker to execute malicious javascript code by tricking users into accessing a malicious link. The value is reflected in the response\r\nwithout sanitization while throwing an “invalid params element name” error on the action parameters.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36390
CVE-2023-33171Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-33171
CVE-2023-3080The WP Mail Catcher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3080
CVE-2023-3081The WP Mail Logging plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: An incomplete fix was released in 1.11.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3081
CVE-2023-3082The Post SMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3082
CVE-2023-3087The FluentSMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3087
CVE-2023-3088The WP Mail Log plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3088
CVE-2023-3092The SMTP Mail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via an email subject in versions up to, and including, 1.2.16 due to insufficient input sanitization and output escaping when the 'Save Data SendMail' feature is enabled. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3092
CVE-2023-3093The YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3093
CVE-2023-3122The GD Mail Queue plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email contents in versions up to, and including, 3.9.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3122
CVE-2023-3319Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3319
CVE-2023-2960Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS).This issue affects Oliva Expertise EKS: before 1.2.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2960
CVE-2023-3708Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3708
CVE-2023-22035Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22035
CVE-2023-22042Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22042
CVE-2023-22055Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22055
CVE-2023-21961Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).6https://nvd.nist.gov/vuln/detail/CVE-2023-21961
CVE-2019-5101An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request. After an SSL connection is initialized via _ustream_ssl_init, and after any data (e.g. the client's HTTP request) is written to the stream using ustream_printf, the code eventually enters the function _ustream_ssl_poll, which is used to dispatch the read/write events5.9https://nvd.nist.gov/vuln/detail/CVE-2019-5101
CVE-2019-5102An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.An exploitable information leak vulnerability exists in the ustream-ssl library of OpenWrt, versions 18.06.4 and 15.05.1. When connecting to a remote server, the server's SSL certificate is checked but no action is taken when the certificate is invalid. An attacker could exploit this behavior by performing a man-in-the-middle attack, providing any certificate, leading to the theft of all the data sent by the client during the first request.5.9https://nvd.nist.gov/vuln/detail/CVE-2019-5102
CVE-2022-23634Puma is a Ruby/Rack web server built for parallelism. Prior to `puma` version `5.6.2`, `puma` may not always call `close` on the response body. Rails, prior to version `7.0.2.2`, depended on the response body being closed in order for its `CurrentAttributes` implementation to work correctly. The combination of these two behaviors (Puma not closing the body + Rails' Executor implementation) causes information leakage. This problem is fixed in Puma versions 5.6.2 and 4.3.11. This problem is fixed in Rails versions 7.02.2, 6.1.4.6, 6.0.4.6, and 5.2.6.2. Upgrading to a patched Rails _or_ Puma version fixes the vulnerability.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-23634
CVE-2022-27221A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). An attacker in machine-in-the-middle could obtain plaintext secret values by observing length differences during a series of guesses in which a string in an HTTP request URL potentially matches an unknown string in an HTTP response body, aka a "BREACH" attack.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-27221
CVE-2022-39308GoCD is a continuous delivery server. GoCD helps you automate and streamline the build-test-release cycle for continuous delivery of your product. GoCD versions from 19.2.0 to 19.10.0 (inclusive) are subject to a timing attack in validation of access tokens due to use of regular string comparison for validation of the token rather than a constant time algorithm. This could allow a brute force attack on GoCD server API calls to observe timing differences in validations in order to guess an access token generated by a user for API access. This issue is fixed in GoCD version 19.11.0. As a workaround, users can apply rate limiting or insert random delays to API calls made to GoCD Server via a reverse proxy or other fronting web server. Another workaround, users may disallow use of access tokens by users by having an administrator revoke all access tokens through the "Access Token Management" admin function.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-39308
CVE-2022-48509Race condition vulnerability due to multi-thread access to mutually exclusive resources in Huawei Share. Successful exploitation of this vulnerability may cause the program to exit abnormally.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-48509
CVE-2023-22043Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-22043
CVE-2023-22053Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-22053
CVE-2023-20116A vulnerability in the Administrative XML Web Service (AXL) API of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input to the web UI of the Self Care Portal. An attacker could exploit this vulnerability by sending crafted HTTP input to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-20116
CVE-2023-21983Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).5.6https://nvd.nist.gov/vuln/detail/CVE-2023-21983
CVE-2022-23725PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry entries used to store sensitive API keys under some circumstances.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-23725
CVE-2022-27549HCL Launch may store certain data for recurring activities in a plain text format.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-27549
CVE-2022-38533In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-38533
CVE-2022-39878Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-39878
CVE-2022-45935Usage of temporary files with insecure permissions by the Apache James server allows an attacker with local access to access private user data in transit. \n\nVulnerable components includes the SMTP stack and IMAP APPEND command.\n\nThis issue affects Apache James server version 3.7.2 and prior versions.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-45935
CVE-2023-20910In add of WifiNetworkSuggestionsManager.java, there is a possible way to trigger permanent DoS due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-20910
CVE-2023-30207A divide by zero issue discovered in Kodi Home Theater Software 19.5 and earlier allows attackers to cause a denial of service via use of crafted mp3 file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30207
CVE-2023-30642Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30642
CVE-2023-30648Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30648
CVE-2023-30660Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30660
CVE-2023-30661Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30661
CVE-2023-30662Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30662
CVE-2023-30671Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30671
CVE-2023-30672Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30672
CVE-2023-30673Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30673
CVE-2023-30675Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30675
CVE-2023-30678Potential zip path traversal vulnerability in Calendar application prior to version 12.4.07.15 in Android 13 allows attackers to write arbitrary file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30678
CVE-2022-48518Vulnerability of signature verification in the iaware system being initialized later than the time when the system broadcasts are sent. Successful exploitation of this vulnerability may cause malicious apps to start upon power-on by spoofing the package names of apps in the startup trustlist, which affects system performance.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-48518
CVE-2023-37454An issue was discovered in the Linux kernel through 6.4.2. A crafted UDF filesystem image causes a use-after-free write operation in the udf_put_super and udf_close_lvid functions in fs/udf/super.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37454
CVE-2023-35890IBM WebSphere Application Server 8.5 and 9.0 could provide weaker than expected security, caused by the improper encoding in a local configuration file. IBM X-Force ID: 258637.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35890
CVE-2023-1183A flaw was found in the Libreoffice package. An attacker can craft an odb containing a "database/script" file with a SCRIPT command where the contents of the file could be written to a new file whose location was determined by the attacker.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1183
CVE-2023-24486A vulnerability has been identified in Citrix Workspace app for Linux that, if exploited, may result in a malicious local user being able to gain access to the Citrix Virtual Apps and Desktops session of another user who is using the same computer from which the ICA session is launched.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-24486
CVE-2020-20118Buffer Overflow vulnerability in Avast AntiVirus before v.19.7 allows a local attacker to cause a denial of service via a crafted request to the aswSnx.sys driver.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-20118
CVE-2023-32039Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32039
CVE-2023-32040Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32040
CVE-2023-32041Windows Update Orchestrator Service Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32041
CVE-2023-32085Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32085
CVE-2023-33162Microsoft Excel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33162
CVE-2023-33174Windows Cryptographic Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33174
CVE-2023-35306Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35306
CVE-2023-35324Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35324
CVE-2023-35326Windows CDP User Components Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35326
CVE-2023-35341Microsoft DirectMusic Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35341
CVE-2023-36872VP9 Video Extensions Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36872
CVE-2023-30226An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30226
CVE-2023-30919In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30919
CVE-2023-30920In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30920
CVE-2023-30921In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30921
CVE-2023-33889In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33889
CVE-2023-33890In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33890
CVE-2023-33891In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33891
CVE-2023-33892In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33892
CVE-2023-33893In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33893
CVE-2023-33894In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33894
CVE-2023-33895In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33895
CVE-2023-33898In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33898
CVE-2023-33899In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33899
CVE-2023-33900In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33900
CVE-2023-33901In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33901
CVE-2023-33902In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33902
CVE-2023-29309Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29309
CVE-2023-29310Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29310
CVE-2023-29311Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29311
CVE-2023-29312Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29312
CVE-2023-29313Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29313
CVE-2023-29314Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29314
CVE-2023-29315Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29315
CVE-2023-29316Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29316
CVE-2023-29317Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29317
CVE-2023-29318Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29318
CVE-2023-29319Adobe InDesign versions ID18.3 (and earlier) and ID17.4.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-29319
CVE-2023-36838An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS).\n\nIf a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS.\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\nAll versions prior to 20.2R3-S7;\n20.3 version 20.3R1 and later versions;\n20.4 versions prior to 20.4R3-S6;\n21.1 versions prior to 21.1R3-S5;\n21.2 versions prior to 21.2R3-S4;\n21.3 versions prior to 21.3R3-S4;\n21.4 versions prior to 21.4R3-S3;\n22.1 versions prior to 22.1R3-S1;\n22.2 versions prior to 22.2R3;\n22.3 versions prior to 22.3R2;\n22.4 versions prior to 22.4R1-S1, 22.4R2.\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36838
CVE-2023-36840A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects:\nJuniper Networks Junos OS\nAll versions prior to 19.3R3-S10;\n20.1 versions prior to 20.1R3-S4;\n20.2 versions prior to 20.2R3-S6;\n20.3 versions prior to 20.3R3-S6;\n20.4 versions prior to 20.4R3-S5;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S3;\n21.3 versions prior to 21.3R3-S2;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R3;\n22.2 versions prior to 22.2R2;\n22.3 versions prior to 22.3R2;\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S7-EVO;\n21.1 versions prior to 21.1R3-S3-EVO;\n21.2 versions prior to 21.2R3-S5-EVO;\n21.3 versions prior to 21.3R3-S4-EVO;\n21.4 versions prior to 21.4R3-EVO;\n22.1 versions prior to 22.1R3-EVO;\n22.2 versions prior to 22.2R2-EVO;\n22.3 versions prior to 22.3R2-EVO;\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36840
CVE-2023-22017Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-22017
CVE-2022-39207Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. During CI/CD builds, it is possible to save build artifacts for later retrieval. They can be accessed through OneDev's web UI after the successful run of a build. These artifact files are served by the webserver in the same context as the UI without any further restrictions. This leads to Cross-Site Scripting (XSS) when a user creates a build artifact that contains HTML. When accessing the artifact, the content is rendered by the browser, including any JavaScript that it contains. Since all cookies (except for the rememberMe one) do not set the HttpOnly flag, an attacker could steal the session of a victim and use it to impersonate them. To exploit this issue, attackers need to be able to modify the content of artifacts, which usually means they need to be able to modify a project's build spec. The exploitation requires the victim to click on an attacker's link. It can be used to elevate privileges by targeting admins of a OneDev instance. In the worst case, this can lead to arbitrary code execution on the server, because admins can create Server Shell Executors and use them to run any command on the server. This issue has been patched in version 7.3.0. Users are advised to upgrade. There are no known workarounds for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-39207
CVE-2022-39233Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions 12.9.99.228 and above, prior to 14.0.99.24, authorizations are not properly verified when updating the branch prefix used by the GitLab repository integration. Authenticated users can change the branch prefix of any of the GitLab repository integration they can see vie the REST endpoint `PATCH /gitlab_repositories/{id}`. This action should be restricted to Git administrators. This issue is patched in Tuleap Community Edition 14.0.99.24 and Tuleap Enterprise Edition 14.0-3. There are no known workarounds.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-39233
CVE-2022-4811Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4811
CVE-2023-36809Kiwi TCMS, an open source test management system allows users to upload attachments to test plans, test cases, etc. Versions of Kiwi TCMS prior to 12.5 had introduced changes which were meant to serve all uploaded files as plain text in order to prevent browsers from executing potentially dangerous files when such files are accessed directly. The previous Nginx configuration was incorrect allowing certain browsers like Firefox to ignore the `Content-Type: text/plain` header on some occasions thus allowing potentially dangerous scripts to be executed. Additionally, file upload validators and parts of the HTML rendering code had been found to require additional sanitation and improvements. Version 12.5 fixes this vulnerability with updated Nginx content type configuration, improved file upload validation code to prevent more potentially dangerous uploads, and Sanitization of test plan names used in the `tree_view_html()` function.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36809
CVE-2023-36828Statamic is a flat-first, Laravel and Git powered content management system. Prior to version 4.10.0, the SVG tag does not sanitize malicious SVG. Therefore, an attacker can exploit this vulnerability to perform cross-site scripting attacks using SVG, even when using the `sanitize` function. Version 4.10.0 contains a patch for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36828
CVE-2023-27225A cross-site scripting (XSS) vulnerability in User Registration & Login and User Management System with Admin Panel v3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the first and last name field.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-27225
CVE-2023-30322Cross Site Scripting (XSS) vulnerability in username field in /src/chatbotapp/chatWindow.java in Payatu ChatEngine v.1.0, allows attackers to execute arbitrary code.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30322
CVE-2023-36462Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 2.6.0 and prior to versions 3.5.9, 4.0.5, and 4.1.3, an attacker can craft a verified profile link using specific formatting to conceal arbitrary parts of the link, enabling it to appear to link to a different URL altogether. The link is visually misleading, but clicking on it will reveal the actual link. This can still be used for phishing, though, similar to IDN homograph attacks. Versions 3.5.9, 4.0.5, and 4.1.3 contain a patch for this issue.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36462
CVE-2023-36829Sentry is an error tracking and performance monitoring platform. Starting in version 23.6.0 and prior to version 23.6.2, the Sentry API incorrectly returns the `access-control-allow-credentials: true` HTTP header if the `Origin` request header ends with the `system.base-hostname` option of Sentry installation. This only affects installations that have `system.base-hostname` option explicitly set, as it is empty by default. Impact is limited since recent versions of major browsers have cross-site cookie blocking enabled by default. However, this flaw could allow other multi-step attacks. The patch has been released in Sentry 23.6.2.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36829
CVE-2023-34197Zoho ManageEngine ServiceDesk Plus before 14202, ServiceDesk Plus MSP before 14300, and SupportCenter Plus before 14300 have a privilege escalation vulnerability in the Release module that allows unprivileged users to access the Reminders of a release ticket and make modifications.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-34197
CVE-2023-37308Zoho ManageEngine ADAudit Plus before 7100 allows XSS via the username field.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37308
CVE-2023-3538A vulnerability classified as problematic was found in SimplePHPscripts Photo Gallery PHP 2.0. This vulnerability affects unknown code of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-233290 is the identifier assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3538
CVE-2023-29998A Cross-site scripting (XSS) vulnerability in the content editor in Gis3W g3w-suite 3.5 allows remote authenticated users to inject arbitrary web script or HTML and gain privileges via the description parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29998
CVE-2021-39014IBM Cloud Object System 3.15.8.97 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 213650.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-39014
CVE-2023-20133A vulnerability in the web interface of Cisco Webex Meetings could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r This vulnerability exists because of insufficient validation of user-supplied input in Webex Events (classic) programs, email templates, and survey questions. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-20133
CVE-2023-3552Improper Encoding or Escaping of Output in GitHub repository nilsteampassnet/teampass prior to 3.0.10.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3552
CVE-2021-42083An authenticated attacker is able to create alerts that trigger a stored XSS attack. 5.4https://nvd.nist.gov/vuln/detail/CVE-2021-42083
CVE-2023-2529The Enable SVG Uploads WordPress plugin through 2.1.5 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2529
CVE-2023-2964The Simple Iframe WordPress plugin before 1.2.0 does not properly validate one of its WordPress block attribute's content, which may allow users whose role is at least that of a contributor to conduct Stored Cross-Site Scripting attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2964
CVE-2023-3558A vulnerability classified as problematic has been found in GZ Scripts Event Booking Calendar 1.8. Affected is an unknown function of the file /load.php. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-233352. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3558
CVE-2023-36375Cross Site Scripting vulnerability in Hostel Management System v2.1 allows an attacker to execute arbitrary code via a crafted payload to the Guardian name, Guardian relation, complimentary address, city, permanent address, and city parameters in the Book Hostel & Room Details page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36375
CVE-2023-30963A security defect was discovered in Foundry Frontend which enabled users to perform Stored XSS attacks in Slate if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.229.0. The service was rolled out to all affected Foundry instances. No further intervention is required.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30963
CVE-2023-37657TwoNav v2.0.28-20230624 is vulnerable to Cross Site Scripting (XSS).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37657
CVE-2023-37658fast-poster v2.15.0 is vulnerable to Cross Site Scripting (XSS). File upload check binary of img, but without strictly check file suffix at /server/fast.py -> ApiUploadHandler.post causes stored XSS5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37658
CVE-2023-3620Cross-site Scripting (XSS) - Stored in GitHub repository amauric/tarteaucitron.js prior to v1.13.1.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3620
CVE-2023-32052Microsoft Power Apps (online) Spoofing Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-32052
CVE-2023-35336Windows MSHTML Platform Security Feature Bypass Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-35336
CVE-2023-24896Dynamics 365 Finance Spoofing Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-24896
CVE-2023-3403The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3403
CVE-2023-22011Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22011
CVE-2023-22020Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22020
CVE-2023-22039Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22039
CVE-2023-22050Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22050
CVE-2023-22061Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22061
CVE-2021-21424Symfony is a PHP framework for web and console applications and a set of reusable PHP components. The ability to enumerate users was possible without relevant permissions due to different handling depending on whether the user existed or not when attempting to use the switch users functionality. We now ensure that 403s are returned whether the user exists or not if a user cannot switch to a user or if the user does not exist. The patch for this issue is available for branch 3.4.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-21424
CVE-2021-39193Frontier is Substrate's Ethereum compatibility layer. Prior to commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26, a bug in `pallet-ethereum` can cause invalid transactions to be included in the Ethereum block state in `pallet-ethereum` due to not validating the input data size. Any invalid transactions included this way have no possibility to alter the internal Ethereum or Substrate state. The transaction will appear to have be included, but is of no effect as it is rejected by the EVM engine. The impact is further limited by Substrate extrinsic size constraints. A patch is available in commit number 0b962f218f0cdd796dadfe26c3f09e68f7861b26. There are no workarounds aside from applying the patch.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-39193
CVE-2022-27779libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if thehost name is provided with a trailing dot.curl can be told to receive and send cookies. curl's "cookie engine" can bebuilt with or without [Public Suffix List](https://publicsuffix.org/)awareness. If PSL support not provided, a more rudimentary check exists to atleast prevent cookies from being set on TLDs. This check was broken if thehost name in the URL uses a trailing dot.This can allow arbitrary sites to set cookies that then would get sent to adifferent and unrelated site or domain.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-27779
CVE-2022-2400External Control of File Name or Path in GitHub repository dompdf/dompdf prior to 2.0.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-2400
CVE-2021-39190The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI. In versions prior to 2.3.0, the Configuration page is publicly accessible in read-only mode. This issue is patched in version 2.3.0. No known workarounds exist.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-39190
CVE-2022-2350The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block (or unblock) users at will.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-2350
CVE-2022-39315Kirby is a Content Management System. Prior to versions 3.5.8.2, 3.6.6.2, 3.7.5.1, and 3.8.1, a user enumeration vulnerability affects all Kirby sites with user accounts unless Kirby's API and Panel are disabled in the config. It can only be exploited for targeted attacks because the attack does not scale to brute force. The problem has been patched in Kirby 3.5.8.2, Kirby 3.6.6.2, Kirby 3.7.5.1, and Kirby 3.8.1. In all of the mentioned releases, the maintainers have rewritten the affected code so that the delay is also inserted after the brute force limit is reached.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-39315
CVE-2022-39329Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 23.0.9 and 24.0.5 are vulnerable to exposure of information that cannot be controlled by administrators without direct database access. Versions 23.0.9 and 24.0.5 contains patches for this issue. No known workarounds are available.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-39329
CVE-2022-39307Grafana is an open-source platform for monitoring and observability. When using the forget password on the login page, a POST request is made to the `/api/user/password/sent-reset-email` URL. When the username or email does not exist, a JSON response contains a “user not found” message. This leaks information to unauthenticated users and introduces a security risk. This issue has been patched in 9.2.4 and backported to 8.5.15. There are no known workarounds.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-39307
CVE-2021-4240A vulnerability, which was classified as problematic, was found in phpservermon. This affects the function generatePasswordResetToken of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is 3daa804d5f56c55b3ae13bfac368bb84ec632193. It is recommended to apply a patch to fix this issue. The identifier VDB-213717 was assigned to this vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-4240
CVE-2021-4241A vulnerability, which was classified as problematic, was found in phpservermon. Affected is the function setUserLoggedIn of the file src/psm/Service/User.php. The manipulation leads to use of predictable algorithm in random number generator. The exploit has been disclosed to the public and may be used. The name of the patch is bb10a5f3c68527c58073258cb12446782d223bc3. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213744.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-4241
CVE-2022-36354A heap out-of-bounds read vulnerability exists in the RLA format parser of OpenImageIO master-branch-9aeece7a and v2.3.19.0. More specifically, in the way run-length encoded byte spans are handled. A malformed RLA file can lead to an out-of-bounds read of heap metadata which can result in sensitive information leak. An attacker can provide a malicious file to trigger this vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-36354
CVE-2022-4057The Autoptimize WordPress plugin before 3.1.0 uses an easily guessable path to store plugin's exported settings and logs.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-4057
CVE-2023-21830Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).5.3https://nvd.nist.gov/vuln/detail/CVE-2023-21830
CVE-2022-27891Palantir Gotham included an unauthenticated endpoint that listed all active usernames on the stack with an active session. The affected services have been patched and automatically deployed to all Apollo-managed Gotham instances. It is highly recommended that customers upgrade all affected services to the latest version. This issue affects: Palantir Gotham versions prior to 103.30221005.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-27891
CVE-2023-21971Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized read access to a subset of MySQL Connectors accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H).5.3https://nvd.nist.gov/vuln/detail/CVE-2023-21971
CVE-2023-34450CometBFT is a Byzantine Fault Tolerant (BFT) middleware that takes a state transition machine and replicates it on many machines. An internal modification made in versions 0.34.28 and 0.37.1 to the way struct `PeerState` is serialized to JSON introduced a deadlock when new function MarshallJSON is called. This function can be called from two places. The first is via logs, setting the `consensus` logging module to "debug" level (should not happen in production), and setting the log output format to JSON. The second is via RPC `dump_consensus_state`.\n\nCase 1, which should not be hit in production, will eventually hit the deadlock in most goroutines, effectively halting the node.\n\nIn case 2, only the data structures related to the first peer will be deadlocked, together with the thread(s) dealing with the RPC request(s). This means that only one of the channels of communication to the node's peers will be blocked. Eventually the peer will timeout and excluded from the list (typically after 2 minutes). The goroutines involved in the deadlock will not be garbage collected, but they will not interfere with the system after the peer is excluded.\n\nThe theoretical worst case for case 2, is a network with only two validator nodes. In this case, each of the nodes only has one `PeerState` struct. If `dump_consensus_state` is called in either node (or both), the chain will halt until the peer connections time out, after which the nodes will reconnect (with different `PeerState` structs) and the chain will progress again. Then, the same process can be repeated.\n\nAs the number of nodes in a network increases, and thus, the number of peer struct each node maintains, the possibility of reproducing the perturbation visible with two nodes decreases. Only the first `PeerState` struct will deadlock, and not the others (RPC `dump_consensus_state` accesses them in a for loop, so the deadlock at the first iteration causes the rest of the iterations of that "for" loop to never be reached).\n\nThis regression was fixed in versions 0.34.29 and 0.37.2. Some workarounds are available. For case 1 (hitting the deadlock via logs), either don't set the log output to "json", leave at "plain", or don't set the consensus logging module to "debug", leave it at "info" or higher. For case 2 (hitting the deadlock via RPC `dump_consensus_state`), do not expose `dump_consensus_state` RPC endpoint to the public internet (e.g., via rules in one's nginx setup).5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34450
CVE-2023-37378Nullsoft Scriptable Install System (NSIS) before 3.09 mishandles access control for an uninstaller directory.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37378
CVE-2023-35863In MADEFORNET HTTP Debugger through 9.12, the Windows service does not set the seclevel registry key before launching the driver. Thus, it is possible for an unprivileged application to obtain a handle to the NetFilterSDK wrapper before the service obtains exclusive access.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-35863
CVE-2023-37238Vulnerability of apps' permission to access a certain API being incompletely verified in the wireless projection module. Successful exploitation of this vulnerability may affect some wireless projection features.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37238
CVE-2023-3456Vulnerability of kernel raw address leakage in the hang detector module. Successful exploitation of this vulnerability may affect service confidentiality.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3456
CVE-2023-33008Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache Johnzon.\n\n\nA malicious attacker can craft up some JSON input that uses large numbers (numbers such as 1e20000000) that Apache Johnzon will deserialize into BigDecimal and maybe use numbers too large which may result in a slow conversion (Denial of service risk). Apache Johnzon 1.2.21 mitigates this by setting a scale limit of 1000 (by default) to the BigDecimal. \n\n\nThis issue affects Apache Johnzon: through 1.2.20.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-33008
CVE-2023-2796The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-2796
CVE-2023-35698\nObservable Response Discrepancy in the SICK ICR890-4 could allow a remote attacker to identify valid usernames for the FTP server from the response given during a failed login\nattempt.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-35698
CVE-2023-3219The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3219
CVE-2023-30956A security defect was identified in Foundry Comments that enabled a user to discover the contents of an attachment submitted to another comment if they knew the internal UUID of the target attachment. This defect was resolved with the release of Foundry Comments 2.267.0.\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-30956
CVE-2023-2079The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-2079
CVE-2023-31405SAP NetWeaver AS for Java - versions ENGINEAPI 7.50, SERVERCORE 7.50, J2EE-APPS 7.50, allows an unauthenticated attacker to craft a request over the network which can result in unwarranted modifications to a system log without user interaction. There is no ability to view any information or any effect on availability.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-31405
CVE-2023-36919In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36919
CVE-2022-29562A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). Affected devices do not properly handle malformed HTTP packets. This could allow an unauthenticated remote attacker to send a malformed HTTP packet causing certain functions to fail in a controlled manner.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-29562
CVE-2023-35373Mono Authenticode Validation Spoofing Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-35373
CVE-2023-34036\nReactive web applications that use Spring HATEOAS to produce hypermedia-based responses might be exposed to malicious forwarded headers if they are not behind a trusted proxy that ensures correctness of such headers, or if they don't have anything else in place to handle (and possibly discard) forwarded headers either in WebFlux or at the level of the underlying HTTP server.\n\nFor the application to be affected, it needs to satisfy the following requirements:\n\n * It needs to use the reactive web stack (Spring WebFlux) and Spring HATEOAS to create links in hypermedia-based responses.\n * The application infrastructure does not guard against clients submitting (X-)Forwarded… headers.\n\n\n\n\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34036
CVE-2023-3709The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3709
CVE-2023-22041Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).5.1https://nvd.nist.gov/vuln/detail/CVE-2023-22041
CVE-2023-35936Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafted image element in the input when generating files using the `--extract-media` option or outputting to PDF format. This vulnerability allows an attacker to create or overwrite arbitrary files on the system ,depending on the privileges of the process running pandoc. It only affects systems that pass untrusted user input to pandoc and allow pandoc to be used to produce a PDF or with the `--extract-media` option.\n\nThe fix is to unescape the percent-encoding prior to checking that the resource is not above the working directory, and prior to extracting the extension. Some code for checking that the path is below the working directory was flawed in a similar way and has also been fixed. Note that the `--sandbox` option, which only affects IO done by readers and writers themselves, does not block this vulnerability. The vulnerability is patched in pandoc 3.1.4. As a workaround, audit the pandoc command and disallow PDF output and the `--extract-media` option.\n5https://nvd.nist.gov/vuln/detail/CVE-2023-35936
CVE-2022-23621XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString("/WEB-INF/xwiki.cfg")`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-23621
CVE-2021-42079An authenticated administrator is able to prepare an alert that is able to execute an SSRF attack. This is exclusively with POST requests.4.9https://nvd.nist.gov/vuln/detail/CVE-2021-42079
CVE-2023-32083Microsoft Failover Cluster Information Disclosure Vulnerability4.9https://nvd.nist.gov/vuln/detail/CVE-2023-32083
CVE-2023-21950Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.27 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21950
CVE-2023-22007Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 5.7.41 and prior and 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22007
CVE-2023-22008Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22008
CVE-2023-22034Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22034
CVE-2023-22046Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22046
CVE-2023-22054Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22054
CVE-2023-22056Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22056
CVE-2023-22057Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22057
CVE-2023-20188A vulnerability in the web-based management interface of Cisco Small Business 200 Series Smart Switches, Cisco Small Business 300 Series Managed Switches, and Cisco Small Business 500 Series Stackable Managed Switches could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface on an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to view a page containing malicious HTML or script content. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need to have valid credentials to access the web-based management interface of the affected device.\r\n\r Cisco has not released software updates to address this vulnerability.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-20188
CVE-2023-37061Chamilo 1.11.x up to 1.11.20 allows users with an admin privilege account to insert XSS in the languages management section.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37061
CVE-2023-37062Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the course categories' definition.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37062
CVE-2023-37063Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the careers & promotions management section.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37063
CVE-2023-37064Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the extra fields management section.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37064
CVE-2023-37065Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the session category management section.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37065
CVE-2023-37066Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the skills wheel.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37066
CVE-2023-37067Chamilo 1.11.x up to 1.11.20 allows users with admin privilege account to insert XSS in the classes/usergroups management section.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37067
CVE-2023-37269Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Users with the `backend.manage_branding` permission can upload SVGs as the application logo. Prior to version 1.2.3, SVG uploads were not sanitized, which could have allowed a stored cross-site scripting (XSS) attack. To exploit the vulnerability, an attacker would already need to have developer or super user level permissions in Winter CMS. This means they would already have extensive access and control within the system. Additionally, to execute the XSS, the attacker would need to convince the victim to directly visit the URL of the maliciously uploaded SVG, and the application would have to be using local storage where uploaded files are served under the same domain as the application itself instead of a CDN. This is because all SVGs in Winter CMS are rendered through an `img` tag, which prevents any payloads from being executed directly. These two factors significantly limit the potential harm of this vulnerability. This issue has been patched in v1.2.3 through the inclusion of full support for SVG uploads and automatic sanitization of uploaded SVG files. As a workaround, one may apply the patches manually.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37269
CVE-2023-32000A Cross-Site Scripting (XSS) vulnerability found in UniFi Network (Version 7.3.83 and earlier) allows a malicious actor with Site Administrator credentials to escalate privileges by persuading an Administrator to visit a malicious web page.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-32000
CVE-2023-2026The Image Protector WordPress plugin through 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2026
CVE-2023-2028The Call Now Accessibility Button WordPress plugin before 1.1 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2028
CVE-2023-2029The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2029
CVE-2023-2578The Buy Me a Coffee WordPress plugin before 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2578
CVE-2023-2635The Call Now Accessibility Button WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2635
CVE-2023-2709The AN_GradeBook WordPress plugin through 5.0.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2709
CVE-2023-2967The TinyMCE Custom Styles WordPress plugin before 1.1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2967
CVE-2023-36376Cross-Site Scripting (XSS) vulnerability in Hostel Management System v.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the add course section.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-36376
CVE-2023-3129The URL Shortify WordPress plugin before 1.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3129
CVE-2023-3175The AI ChatBot WordPress plugin before 4.6.1 does not adequately escape some settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3175
CVE-2023-3225The Float menu WordPress plugin before 5.0.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3225
CVE-2023-36940Cross Site Scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL v.1.2 allows attackers to execute arbitrary code via a crafted payload injected into the search field.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-36940
CVE-2023-37191A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Group and Description parameters.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37191
CVE-2023-37189A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Name or Prefix fields under the Create New Rate module.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37189
CVE-2023-37190A stored cross-site scripting (XSS) vulnerability in Issabel issabel-pbx v.4.0.0-6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Virtual Fax Name and Caller ID Name parameters under the New Virtual Fax feature.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-37190
CVE-2023-24496Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the name field of the database.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-24496
CVE-2023-24497Cross-site scripting (xss) vulnerabilities exist in the requestHandlers.js detail_device functionality of Milesight VPN v2.0.2. A specially-crafted HTTP request can lead to arbitrary Javascript code injection. An attacker can send an HTTP request to trigger these vulnerabilities.This XSS is exploited through the remote_subnet field of the database4.7https://nvd.nist.gov/vuln/detail/CVE-2023-24497
CVE-2023-36836A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS).\n\nOn all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attackers control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS.\n\nThis issue affects:\nJuniper Networks Junos OS\n19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9;\n20.1 version 20.1R2 and later versions;\n20.2 versions prior to 20.2R3-S7;\n20.3 versions prior to 20.3R3-S5;\n20.4 versions prior to 20.4R3-S6;\n21.1 versions prior to 21.1R3-S4;\n21.2 versions prior to 21.2R3-S2;\n21.3 versions prior to 21.3R3-S1;\n21.4 versions prior to 21.4R3;\n22.1 versions prior to 22.1R1-S2, 22.1R2;\n22.2 versions prior to 22.2R2.\n\nJuniper Networks Junos OS Evolved\nAll versions prior to 20.4R3-S6-EVO;\n21.1-EVO version 21.1R1-EVO and later versions;\n21.2-EVO version 21.2R1-EVO and later versions;\n21.3-EVO versions prior to 21.3R3-S1-EVO;\n21.4-EVO versions prior to 21.4R3-EVO;\n22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO;\n22.2-EVO versions prior to 22.2R2-EVO.\n4.7https://nvd.nist.gov/vuln/detail/CVE-2023-36836
CVE-2022-39873Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.4.6https://nvd.nist.gov/vuln/detail/CVE-2022-39873
CVE-2023-3520Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-3520
CVE-2023-30676Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-30676
CVE-2023-30677Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-30677
CVE-2023-37453An issue was discovered in the USB subsystem in the Linux kernel through 6.4.2. There is an out-of-bounds and crash in read_descriptors in drivers/usb/core/sysfs.c.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-37453
CVE-2023-35699\nCleartext Storage on Disk in the SICK ICR890-4 could allow an unauthenticated attacker with local access to the device to disclose sensitive information by accessing a SD card.\n\n\n4.6https://nvd.nist.gov/vuln/detail/CVE-2023-35699
CVE-2023-30665Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-30665
CVE-2023-3369The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-3369
CVE-2023-33896In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-33896
CVE-2023-33897In libimpl-ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-33897
CVE-2023-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22005
CVE-2023-22031Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22031
CVE-2023-22033Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22033
CVE-2023-22058Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22058
CVE-2021-41250Python discord bot is the community bot for the Python Discord community. In affected versions when a non-blacklisted URL and an otherwise triggering filter token is included in the same message the token filter does not trigger. This means that by including any non-blacklisted URL moderation filters can be bypassed. This issue has been resolved in commit 67390298852513d13e0213870e50fb3cff1424e04.3https://nvd.nist.gov/vuln/detail/CVE-2021-41250
CVE-2022-27218Jenkins incapptic connect uploader Plugin 1.15 and earlier stores tokens unencrypted in job config.xml files on the Jenkins controller where they can be viewed by users with Extended Read permission, or access to the Jenkins controller file system.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-27218
CVE-2022-39272Flux is an open and extensible continuous delivery solution for Kubernetes. Versions prior to 0.35.0 are subject to a Denial of Service. Users that have permissions to change Flux’s objects, either through a Flux source or directly within a cluster, can provide invalid data to fields `.spec.interval` or `.spec.timeout` (and structured variations of these fields), causing the entire object type to stop being processed. This issue is patched in version 0.35.0. As a workaround, Admission controllers can be employed to restrict the values that can be used for fields `.spec.interval` and `.spec.timeout`, however upgrading to the latest versions is still the recommended mitigation.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-39272
CVE-2022-4734Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository usememos/memos prior to 0.9.1.\n\n4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4734
CVE-2022-3994The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3994
CVE-2022-3923The ActiveCampaign for WooCommerce WordPress plugin through 1.9.6 does not have authorisation check when cleaning up its error logs via an AJAX action, which could allow any authenticated users, such as subscriber to call it and remove error logs.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-3923
CVE-2022-4872The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'4.3https://nvd.nist.gov/vuln/detail/CVE-2022-4872
CVE-2023-30641Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner&#39;s google account data.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-30641
CVE-2023-26138All versions of the package drogonframework/drogon are vulnerable to CRLF Injection when untrusted user input is used to set request headers in the addHeader function. An attacker can add the \\r\\n (carriage return line feeds) characters and inject additional headers in the request sent.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-26138
CVE-2020-8934The Site Kit by Google plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to, and including, 1.8.0 This is due to the lack of capability checks on the admin_enqueue_scripts action which displays the connection key. This makes it possible for authenticated attackers with any level of access obtaining owner access to a site in the Google Search Console. We recommend upgrading to V1.8.1 or above.\n4.3https://nvd.nist.gov/vuln/detail/CVE-2020-8934
CVE-2023-37264Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that if a client had access to create TaskRuns on a cluster, they could create a child TaskRun for a pipeline with the same name + owner reference, and the Pipeline controller picks it up as if it was the original TaskRun. This is problematic since it can let users modify the config of Pipelines at runtime, which violates SLSA L2 Service Generated / Non-falsifiable requirements. This issue can be used to trick the Pipeline controller into associating unrelated Runs to the Pipeline, feeding its data through the rest of the Pipeline. This requires access to create TaskRuns, so impact may vary depending on one Tekton setup. If users already have unrestricted access to create any Task/PipelineRun, this does not grant any additional capabilities. As of time of publication, there are no known patches for this issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-37264
CVE-2023-20180A vulnerability in the web interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web interface on an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a malicious link. A successful exploit could allow the attacker to perform arbitrary actions. These actions could include joining meetings and scheduling training sessions.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-20180
CVE-2023-23487IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-23487
CVE-2023-28953IBM Cognos Analytics on Cloud Pak for Data 4.0 could allow an attacker to make system calls that might compromise the security of the containers due to misconfigured security context. IBM X-Force ID: 251465.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28953
CVE-2023-2495The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2495
CVE-2023-35887Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache MINA.\n\nIn SFTP servers implemented using Apache MINA SSHD that use a RootedFileSystem, logged users may be able to discover "exists/does not exist" information about items outside the rooted tree via paths including parent navigation ("..") beyond the root, or involving symlinks.\n\nThis issue affects Apache MINA: from 1.0 before 2.10. Users are recommended to upgrade to 2.10\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-35887
CVE-2023-3580Improper Handling of Additional Special Element in GitHub repository squidex/squidex prior to 7.4.0.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3580
CVE-2023-24490Users with only access to launch VDA applications can launch an unauthorized desktop\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-24490
CVE-2023-30960A security defect was discovered in Foundry job-tracker that enabled users to query metadata related to builds on resources they did not have access to. This defect was resolved with the release of job-tracker 4.645.0. The service was rolled out to all affected Foundry instances. No further intervention is required.\n\n\n\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-30960
CVE-2023-2078The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to update the plugins settings. CVE-2023-25030 may be a duplicate of this issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2078
CVE-2023-35044Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-35044
CVE-2020-36750The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36750
CVE-2021-4407The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4407
CVE-2021-4408The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthenticated attackers to update answers to questions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4408
CVE-2021-4409The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for unauthenticated attackers to delete an export feed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4409
CVE-2021-4410The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the save_postdata() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4410
CVE-2021-4411The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This makes it possible for unauthenticated attackers to trigger a transactions download via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4411
CVE-2021-4412The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save() and export() functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a data export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4412
CVE-2021-4413The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4413
CVE-2021-4414The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4414
CVE-2021-4415The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28 This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4415
CVE-2021-4416The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4416
CVE-2021-4417The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4417
CVE-2020-36752The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the save_meta_box() function. This makes it possible for unauthenticated attackers to save meta boxes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36752
CVE-2023-2517The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change the permalink structure via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. While nonce verification is implemented, verification only takes place when a nonce is provided.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2517
CVE-2023-2561The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2561
CVE-2023-2562The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2562
CVE-2023-2869The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2869
CVE-2023-3199The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3199
CVE-2023-3202The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3202
CVE-2020-36756The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the create_csv_file() function. This makes it possible for unauthenticated attackers to create a CSV file via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36756
CVE-2020-36757The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the admin_add_order_item() function. This makes it possible for unauthenticated attackers to add an order item via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36757
CVE-2021-4419The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4419
CVE-2021-4420The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4420
CVE-2021-4421The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4421
CVE-2021-4422The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4422
CVE-2021-4423The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated attackers to update post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4423
CVE-2021-4424The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4424
CVE-2020-36760The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5]. This is due to missing or incorrect nonce validation on the add_core_extensions_bundle_validation() function. This makes it possible for unauthenticated attackers to validate extension bundles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36760
CVE-2020-36761The Top 10 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.10.4. This is due to missing or incorrect nonce validation on the tptn_export_tables() function. This makes it possible for unauthenticated attackers to generate an export of the top 10 table via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-36761
CVE-2021-4425The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4425
CVE-2021-4426The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_review_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4426
CVE-2021-4427The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This makes it possible for unauthenticated attackers to edit the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-4427
CVE-2023-36883Microsoft Edge for iOS Spoofing Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-36883
CVE-2023-22004Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22004
CVE-2023-22009Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22009
CVE-2023-22012Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22012
CVE-2023-22013Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22013
CVE-2023-22021Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22021
CVE-2023-22027Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22027
CVE-2023-2538A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan S5552 BMC version 3.00 allows an unauthenticated remote attacker to retrieve the private key of the TLS certificate in use by the BMC via forced browsing. This can then be abused to perform Man-in-the-Middle (MitM) attacks against victims that access the web interface through HTTPS.4.2https://nvd.nist.gov/vuln/detail/CVE-2023-2538
CVE-2023-22016Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).4.2https://nvd.nist.gov/vuln/detail/CVE-2023-22016
CVE-2023-21949Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Advanced Networking Option accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-21949
CVE-2023-22036Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22036
CVE-2023-22044Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22044
CVE-2023-22045Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22045
CVE-2023-22049Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22049
CVE-2023-22051Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22051
CVE-2022-27575Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-27575
CVE-2022-39885Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-39885
CVE-2022-39886Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-39886
CVE-2022-39887Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-39887
CVE-2023-3291Heap-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.2.2.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-3291
CVE-2023-30640Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-30640
CVE-2023-30667Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-30667
CVE-2023-34442Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Camel.This issue affects Apache Camel: from 3.X through <=3.14.8, from 3.18.X through <=3.18.7, from 3.20.X through <= 3.20.5, from 4.X through <= 4.0.0-M3.\n\nUsers should upgrade to 3.14.9, 3.18.8, 3.20.6 or 3.21.0 and for users on Camel 4.x update to 4.0.0-M1\n3.3https://nvd.nist.gov/vuln/detail/CVE-2023-34442
CVE-2022-22302A clear text storage of sensitive information (CWE-312) vulnerability in both FortiGate version 6.4.0 through 6.4.1, 6.2.0 through 6.2.9 and 6.0.0 through 6.0.13 and FortiAuthenticator version 5.5.0 and all versions of 6.1 and 6.0 may allow a local unauthorized party to retrieve the Fortinet private keys used to establish secure communication with both Apple Push Notification and Google Cloud Messaging services, via accessing the files on the filesystem.3.3https://nvd.nist.gov/vuln/detail/CVE-2022-22302
CVE-2023-34117Relative path traversal in the Zoom Client SDK before version 5.15.0 may allow an unauthorized user to enable information disclosure via local access.\n3.3https://nvd.nist.gov/vuln/detail/CVE-2023-34117
CVE-2021-43758Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-43758
CVE-2021-43759Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MP4 file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-43759
CVE-2021-43760Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious MOV file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-43760
CVE-2021-44696Adobe Prelude version 22.1.1 (and earlier) is affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious JPEG file.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-44696
CVE-2023-22006Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22006
CVE-2023-22048Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22048
CVE-2023-22052Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22052
CVE-2023-22038Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).2.7https://nvd.nist.gov/vuln/detail/CVE-2023-22038
CVE-2023-22010Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).2.2https://nvd.nist.gov/vuln/detail/CVE-2023-22010
CVE-2023-3269A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-3269
CVE-2022-23447An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in FortiExtender management interface 7.0.0 through 7.0.3, 4.2.0 through 4.2.4, 4.1.1 through 4.1.8, 4.0.0 through 4.0.2, 3.3.0 through 3.3.2, 3.2.1 through 3.2.3, 5.3 all versions may allow an unauthenticated and remote attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.https://nvd.nist.gov/vuln/detail/CVE-2022-23447
CVE-2023-25606An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-23] in FortiAnalyzer and FortiManager management interface 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4  all versions may allow a remote and authenticated attacker to retrieve arbitrary files from the underlying filesystem via specially crafted web requests.https://nvd.nist.gov/vuln/detail/CVE-2023-25606
CVE-2023-36824Redis is an in-memory database that persists on disk. In Redit 7.0 prior to 7.0.12, extracting key names from a command and a list of arguments may, in some cases, trigger a heap overflow and result in reading random heap memory, heap corruption and potentially remote code execution. Several scenarios that may lead to authenticated users executing a specially crafted `COMMAND GETKEYS` or `COMMAND GETKEYSANDFLAGS`and authenticated users who were set with ACL rules that match key names, executing a specially crafted command that refers to a variadic list of key names. The vulnerability is patched in Redis 7.0.12.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36824
CVE-2023-3354A flaw was found in the QEMU built-in VNC server. When a client connects to the VNC server, QEMU checks whether the current number of connections crosses a certain threshold and if so, cleans up the previous connection. If the previous connection happens to be in the handshake phase and fails, QEMU cleans up the connection again, resulting in a NULL pointer dereference issue. This could allow a remote unauthenticated client to cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-3354
CVE-2023-3623A vulnerability was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230704. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Duty/AjaxHandle/UploadHandler.ashx of the component Duty Module. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233576. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3623
CVE-2023-3624A vulnerability classified as critical has been found in Nesote Inout Blockchain FiatExchanger 3.0. This affects an unknown part of the file /index.php/coins/update_marketboxslider of the component POST Parameter Handler. The manipulation of the argument marketcurrency leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-233577 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3624
CVE-2023-32693Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The external link feature is susceptible to cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in versions 0.27.3 and 0.26.6.https://nvd.nist.gov/vuln/detail/CVE-2023-32693
CVE-2023-34089Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The processes filter feature is susceptible to Cross-site scripting. This allows a remote attacker to execute JavaScript code in the context of a currently logged-in user. An attacker could use this vulnerability to make other users endorse or support proposals they have no intention of supporting or endorsing. The problem was patched in version 0.27.3 and 0.26.6.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34089
CVE-2023-34090Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. Decidim uses a third-party library named Ransack for filtering certain database collections (e.g., public meetings). By default, this library allows filtering on all data attributes and associations. This allows an unauthenticated remote attacker to exfiltrate non-public data from the underlying database of a Decidim instance (e.g., exfiltrating data from the user table). This issue may lead to Sensitive Data Disclosure. The problem was patched in version 0.27.3.https://nvd.nist.gov/vuln/detail/CVE-2023-34090
CVE-2023-34118Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34118
CVE-2023-34119Insecure temporary file in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34119
CVE-2023-36536Untrusted search path in the installer for Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36536
CVE-2023-36537Improper privilege management in Zoom Rooms for Windows before version 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36537
CVE-2023-36538Improper access control in Zoom Rooms for Windows before version 5.15.0 may allow an authenticated user to enable an escalation of privilege via local access.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36538
CVE-2023-36825Orchid is a Laravel package that allows application development of back-office applications, admin/user panels, and dashboards. A vulnerability present starting in version 14.0.0-alpha4 and prior to version 14.5.0 is related to the deserialization of untrusted data from the `_state` query parameter, which can result in remote code execution. The issue has been addressed in version 14.5.0. Users are advised to upgrade their software to this version or any subsequent versions that include the patch. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-36825
CVE-2023-37271RestrictedPython is a tool that helps to define a subset of the Python language which allows users to provide a program input into a trusted environment. RestrictedPython does not check access to stack frames and their attributes. Stack frames are accessible within at least generators and generator expressions, which are allowed inside RestrictedPython. Prior to versions 6.1 and 5.3, an attacker with access to a RestrictedPython environment can write code that gets the current stack frame in a generator and then walk the stack all the way beyond the RestrictedPython invocation boundary, thus breaking out of the restricted sandbox and potentially allowing arbitrary code execution in the Python interpreter. All RestrictedPython deployments that allow untrusted users to write Python code in the RestrictedPython environment are at risk. In terms of Zope and Plone, this would mean deployments where the administrator allows untrusted users to create and/or edit objects of type `Script (Python)`, `DTML Method`, `DTML Document` or `Zope Page Template`. This is a non-default configuration and likely to be extremely rare. The problem has been fixed in versions 6.1 and 5.3.https://nvd.nist.gov/vuln/detail/CVE-2023-37271
CVE-2023-3625A vulnerability classified as critical was found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This vulnerability affects unknown code of the file /Duty/AjaxHandle/Write/UploadFile.ashx of the component Duty Write-UploadFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-233578 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3625
CVE-2023-3626A vulnerability, which was classified as critical, has been found in Suncreate Mountain Flood Disaster Prevention Monitoring and Early Warning System up to 20230706. This issue affects some unknown processing of the file /Duty/AjaxHandle/UpLoadFloodPlanFile.ashx of the component UpLoadFloodPlanFile. The manipulation of the argument Filedata leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-233579. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3626
CVE-2023-20575\nA potential power side-channel vulnerability in some AMD processors may allow an authenticated attacker to use the power reporting functionality to monitor a program’s execution inside an AMD SEV VM potentially resulting in a leak of sensitive information.\n\n\n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20575
CVE-2023-37280Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. An admin who has not setup two factor authentication before is vulnerable for this attack, without need for any form of privilege, causing the application to execute arbitrary scripts/HTML content. This vulnerability has been patched in version 1.0.3.https://nvd.nist.gov/vuln/detail/CVE-2023-37280
CVE-2022-48521An issue was discovered in OpenDKIM through 2.10.3, and 2.11.x through 2.11.0-Beta2. It fails to keep track of ordinal numbers when removing fake Authentication-Results header fields, which allows a remote attacker to craft an e-mail message with a fake sender address such that programs that rely on Authentication-Results from OpenDKIM will treat the message as having a valid DKIM signature when in fact it has none.https://nvd.nist.gov/vuln/detail/CVE-2022-48521
CVE-2023-23756Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.https://nvd.nist.gov/vuln/detail/CVE-2023-23756
CVE-2023-29406The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send requests containing an invalid Request.Host or Request.URL.Host value.https://nvd.nist.gov/vuln/detail/CVE-2023-29406
CVE-2023-29984Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.https://nvd.nist.gov/vuln/detail/CVE-2023-29984
CVE-2023-24491\nA vulnerability has been discovered in the Citrix Secure Access client for Windows\n\n\n\nwhich, if exploited, could allow an attacker with access to an endpoint with Standard User Account that has the vulnerable client installed to escalate their local privileges to that of NT AUTHORITY\\SYSTEM.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24491
CVE-2023-24492\nA vulnerability has been discovered in the Citrix Secure Access client for Ubuntu which, if exploited, could allow an attacker to remotely execute code if a victim user opens an attacker-crafted link and accepts further prompts.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-24492
CVE-2023-3127An unauthenticated user could log into iSTAR Ultra, iSTAR Ultra LT, iSTAR Ultra G2, and iSTAR Edge G2 with administrator rights.https://nvd.nist.gov/vuln/detail/CVE-2023-3127
CVE-2023-37174GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the dump_isom_scene function at /mp4box/filedump.c.https://nvd.nist.gov/vuln/detail/CVE-2023-37174
CVE-2023-37765GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_dump_vrml_sffield function at /lib/libgpac.so.https://nvd.nist.gov/vuln/detail/CVE-2023-37765
CVE-2023-37766GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the gf_isom_remove_user_data function at /lib/libgpac.so.https://nvd.nist.gov/vuln/detail/CVE-2023-37766
CVE-2023-37767GPAC v2.3-DEV-rev381-g817a848f6-master was discovered to contain a segmentation violation in the BM_ParseIndexValueReplace function at /lib/libgpac.so.https://nvd.nist.gov/vuln/detail/CVE-2023-37767
CVE-2023-37196\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the alert settings of endpoints on DCE.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37196
CVE-2023-37197\n\n\nA CWE-89: Improper Neutralization of Special Elements vulnerability used in an SQL Command\n('SQL Injection') vulnerability exists that could allow a user already authenticated on DCE to\naccess unauthorized content, change, or delete content, or perform unauthorized actions when\ntampering with the mass configuration settings of endpoints on DCE. \n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37197
CVE-2023-37198\n\n\n\n\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that\ncould cause remote code execution when an admin user on DCE uploads or tampers with install\npackages. \n\n \n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37198
CVE-2023-2762A Use-After-Free vulnerability in SLDPRT file reading procedure exists in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted SLDPRT file.https://nvd.nist.gov/vuln/detail/CVE-2023-2762
CVE-2023-2763Use-After-Free, Out-of-bounds Write and Heap-based Buffer Overflow vulnerabilities exist in the DWG and DXF file reading procedure in SOLIDWORKS Desktop from Release SOLIDWORKS 2021 through Release SOLIDWORKS 2023. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file.https://nvd.nist.gov/vuln/detail/CVE-2023-2763
CVE-2023-32200There is insufficient restrictions of called script functions in Apache Jena\n versions 4.8.0 and earlier. It allows a \nremote user to execute javascript via a SPARQL query.\nThis issue affects Apache Jena: from 3.7.0 through 4.8.0.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32200
CVE-2023-37199\nA CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists that\ncould cause remote code execution when an admin user on DCE tampers with backups which\nare then manually restored. \n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37199
CVE-2023-37200\nA CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that\ncould cause loss of confidentiality when replacing a project file on the local filesystem and after\nmanual restart of the server. \n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37200
CVE-2022-48450In bluetooth service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48450
CVE-2022-48451In bluetooth service, there is a possible out of bounds write due to race condition. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2022-48451
CVE-2023-29414\nA CWE-120: Buffer Copy without Checking Size of Input (Classic Buffer Overflow) vulnerability\nexists that could cause user privilege escalation if a local user sends specific string input to a\nlocal function call.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29414
CVE-2023-30913In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30913
CVE-2023-30916In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-30916
CVE-2023-30917In DMService, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-30917
CVE-2023-30918In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30918
CVE-2023-30922In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30922
CVE-2023-30923In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30923
CVE-2023-30924In messaging service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30924
CVE-2023-30925In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30925
CVE-2023-30926In opm service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30926
CVE-2023-30927In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30927
CVE-2023-30928In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-30928
CVE-2023-30929In telephony service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-30929
CVE-2023-30930In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30930
CVE-2023-30931In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30931
CVE-2023-30932In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30932
CVE-2023-30933In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30933
CVE-2023-30934In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30934
CVE-2023-30935In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30935
CVE-2023-30936In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30936
CVE-2023-30937In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30937
CVE-2023-30938In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30938
CVE-2023-30939In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30939
CVE-2023-30940In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30940
CVE-2023-30941In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30941
CVE-2023-30942In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-30942
CVE-2023-32788In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-32788
CVE-2023-32789In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-32789
CVE-2023-33879In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33879
CVE-2023-33880In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33880
CVE-2023-33881In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33881
CVE-2023-33882In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33882
CVE-2023-33883In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33883
CVE-2023-33884In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33884
CVE-2023-33885In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33885
CVE-2023-33886In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33886
CVE-2023-33887In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33887
CVE-2023-33888In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33888
CVE-2023-33903In FM service, there is a possible missing params check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33903
CVE-2023-33904In hci_server, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33904
CVE-2023-33905In iwnpi server, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.https://nvd.nist.gov/vuln/detail/CVE-2023-33905
CVE-2023-3106A NULL pointer dereference vulnerability was found in netlink_dump. This issue can occur when the Netlink socket receives the message(sendmsg) for the XFRM_MSG_GETSA, XFRM_MSG_GETPOLICY type message, and the DUMP flag is set and can cause a denial of service or possibly another unspecified impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely.https://nvd.nist.gov/vuln/detail/CVE-2023-3106
CVE-2022-42009SpringEL injection in the server agent in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42009
CVE-2022-45855SpringEL injection in the metrics source in Apache Ambari version 2.7.0 to 2.7.6 allows a malicious authenticated user to execute arbitrary code remotely. Users are recommended to upgrade to 2.7.7.\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45855
CVE-2022-46651Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an unauthorized actor to gain access to sensitive information in Connection edit view. This vulnerability is considered low since it requires someone with access to Connection resources specifically updating the connection to exploit it. Users should upgrade to version 2.6.3 or later which has removed the vulnerability.\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-46651
CVE-2023-22887Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to perform unauthorized file access outside the intended directory structure by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affectedhttps://nvd.nist.gov/vuln/detail/CVE-2023-22887
CVE-2023-22888Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows an attacker to cause a service disruption by manipulating the run_id parameter. This vulnerability is considered low since it requires an authenticated user to exploit it. It is recommended to upgrade to a version that is not affectedhttps://nvd.nist.gov/vuln/detail/CVE-2023-22888
CVE-2023-30428Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Broker's Rest Producer allows authenticated user with a custom HTTP header to produce a message to any topic using the broker's admin role.\nThis issue affects Apache Pulsar Brokers: from 2.9.0 through 2.9.5, from 2.10.0 before 2.10.4, 2.11.0.\n\nThe vulnerability is exploitable when an attacker can connect directly to the Pulsar Broker. If an attacker is connecting through the Pulsar Proxy, there is no known way to exploit this authorization vulnerability.\n\nThere are two known risks for affected users. First, an attacker could produce garbage messages to any topic in the cluster. Second, an attacker could produce messages to the topic level policies topic for other tenants and influence topic settings that could lead to exfiltration and/or deletion of messages for other tenants.\n\n2.8 Pulsar Broker users and earlier are unaffected.\n2.9 Pulsar Broker users should upgrade to one of the patched versions.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30428
CVE-2023-30429Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nWhen a client connects to the Pulsar Function Worker via the Pulsar Proxy where the Pulsar Proxy uses mTLS authentication to authenticate with the Pulsar Function Worker, the Pulsar Function Worker incorrectly performs authorization by using the Proxy's role for authorization instead of the client's role, which can lead to privilege escalation, especially if the proxy is configured with a superuser role.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30429
CVE-2023-31007Improper Authentication vulnerability in Apache Software Foundation Apache Pulsar Broker allows a client to stay connected to a broker after authentication data expires if the client connected through the Pulsar Proxy when the broker is configured with authenticateOriginalAuthData=false or if a client connects directly to a broker with a specially crafted connect command when the broker is configured with authenticateOriginalAuthData=false.\n\nThis issue affects Apache Pulsar: through 2.9.4, from 2.10.0 through 2.10.3, 2.11.0.\n\n2.9 Pulsar Broker users should upgrade to at least 2.9.5.\n2.10 Pulsar Broker users should upgrade to at least 2.10.4.\n2.11 Pulsar Broker users should upgrade to at least 2.11.1.\n3.0 Pulsar Broker users are unaffected.\nAny users running the Pulsar Broker for 2.8.* and earlier should upgrade to one of the above patched versions.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-31007
CVE-2023-35908Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affectedhttps://nvd.nist.gov/vuln/detail/CVE-2023-35908
CVE-2023-36543Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affectedhttps://nvd.nist.gov/vuln/detail/CVE-2023-36543
CVE-2023-37579Incorrect Authorization vulnerability in Apache Software Foundation Apache Pulsar Function Worker.\n\nThis issue affects Apache Pulsar: before 2.10.4, and 2.11.0.\n\nAny authenticated user can retrieve a source's configuration or a sink's configuration without authorization. Many sources and sinks contain credentials in the configuration, which could lead to leaked credentials. This vulnerability is mitigated by the fact that there is not a known way for an authenticated user to enumerate another tenant's sources or sinks, meaning the source or sink name would need to be guessed in order to exploit this vulnerability.\n\nThe recommended mitigation for impacted users is to upgrade the Pulsar Function Worker to a patched version.\n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.4.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.1.\n3.0 Pulsar Function Worker users are unaffected.\nAny users running the Pulsar Function Worker for 2.9.* and earlier should upgrade to one of the above patched versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37579
CVE-2023-37582The RocketMQ NameServer component still has a remote command execution vulnerability as the CVE-2023-33246 issue was not completely fixed in version 5.1.1. \n\nWhen NameServer address are leaked on the extranet and lack permission verification, an attacker can exploit this vulnerability by using the update configuration function on the NameServer component to execute commands as the system users that RocketMQ is running as. \n\nIt is recommended for users to upgrade their NameServer version to 5.1.2 or above for RocketMQ 5.x or 4.9.7 or above for RocketMQ 4.x to prevent these attacks.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37582
CVE-2020-20021An issue discovered in MikroTik Router v6.46.3 and earlier allows attacker to cause denial of service via misconfiguration in the SSH daemon.https://nvd.nist.gov/vuln/detail/CVE-2020-20021
CVE-2023-33668DigiExam up to v14.0.2 lacks integrity checks for native modules, allowing attackers to access PII and takeover accounts on shared computers.https://nvd.nist.gov/vuln/detail/CVE-2023-33668
CVE-2023-38061In JetBrains TeamCity before 2023.05.1 stored XSS when using a custom theme was possiblehttps://nvd.nist.gov/vuln/detail/CVE-2023-38061
CVE-2023-38062In JetBrains TeamCity before 2023.05.1 parameters of the "password" type could be shown in the UI in certain composite build configurationshttps://nvd.nist.gov/vuln/detail/CVE-2023-38062
CVE-2023-38063In JetBrains TeamCity before 2023.05.1 stored XSS while running custom builds was possiblehttps://nvd.nist.gov/vuln/detail/CVE-2023-38063
CVE-2023-38064In JetBrains TeamCity before 2023.05.1 build chain parameters of the "password" type could be written to the agent loghttps://nvd.nist.gov/vuln/detail/CVE-2023-38064
CVE-2023-38065In JetBrains TeamCity before 2023.05.1 stored XSS while viewing the build log was possiblehttps://nvd.nist.gov/vuln/detail/CVE-2023-38065
CVE-2023-38066In JetBrains TeamCity before 2023.05.1 reflected XSS via the Referer header was possible during artifact downloadshttps://nvd.nist.gov/vuln/detail/CVE-2023-38066
CVE-2023-38067In JetBrains TeamCity before 2023.05.1 build parameters of the "password" type could be written to the agent loghttps://nvd.nist.gov/vuln/detail/CVE-2023-38067
CVE-2023-38068In JetBrains YouTrack before 2023.1.16597 captcha was not properly validated for Helpdesk formshttps://nvd.nist.gov/vuln/detail/CVE-2023-38068
CVE-2023-38069In JetBrains IntelliJ IDEA before 2023.1.4 license dialog could be suppressed in certain caseshttps://nvd.nist.gov/vuln/detail/CVE-2023-38069
CVE-2023-3595\nWhere this vulnerability exists in the Rockwell Automation 1756 EN2* and 1756 EN3* ControlLogix communication products, it could allow a malicious user to perform remote code execution with persistence on the target system through maliciously crafted CIP messages. This includes the ability to modify, deny, and exfiltrate data passing through the device.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3595
CVE-2023-3596\nWhere this vulnerability exists in the Rockwell Automation 1756-EN4* Ethernet/IP communication products, it could allow a malicious user to cause a denial of service by asserting the target system through maliciously crafted CIP messages.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3596
CVE-2023-20207A vulnerability in the logging component of Cisco Duo Authentication Proxy could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r This vulnerability exists because certain unencrypted credentials are stored. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to view sensitive information in clear text.https://nvd.nist.gov/vuln/detail/CVE-2023-20207
CVE-2023-20210A vulnerability in Cisco BroadWorks could allow an authenticated, local attacker to elevate privileges to the root user on an affected device.\r\n\r The vulnerability is due to insufficient input validation by the operating system CLI. An attacker could exploit this vulnerability by issuing a crafted command to the affected system. A successful exploit could allow the attacker to execute commands as the root user. To exploit this vulnerability, an attacker must have valid BroadWorks administrative privileges on the affected device.https://nvd.nist.gov/vuln/detail/CVE-2023-20210
CVE-2023-37455The permission request prompt from the site in the background tab was overlaid on top of the site in the foreground tab. This vulnerability affects Firefox for iOS < 115.https://nvd.nist.gov/vuln/detail/CVE-2023-37455
CVE-2023-37456The session restore helper crashed whenever there was no parameter sent to the message handler. This vulnerability affects Firefox for iOS < 115.https://nvd.nist.gov/vuln/detail/CVE-2023-37456
CVE-2023-3600During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2 and Firefox ESR < 115.0.2.https://nvd.nist.gov/vuln/detail/CVE-2023-3600
CVE-2023-37627Code-projects Online Restaurant Management System 1.0 is vulnerable to SQL Injection. Through SQL injection, an attacker can bypass the admin panel and view order records, add items, delete items etc.https://nvd.nist.gov/vuln/detail/CVE-2023-37627
CVE-2023-3618A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-3618
CVE-2023-36266An issue was discovered in Keeper Password Manager for Desktop version 16.10.2, and the KeeperFill Browser Extensions version 16.5.4, allows local attackers to gain sensitive information via plaintext password storage in memory after the user is already logged in, and may persist after logout.https://nvd.nist.gov/vuln/detail/CVE-2023-36266
CVE-2023-37942Jenkins External Monitor Job Type Plugin 206.v9a_94ff0b_4a_10 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-37942
CVE-2023-37943Jenkins Active Directory Plugin 2.30 and earlier ignores the "Require TLS" and "StartTls" options and always performs the connection test to Active directory unencrypted, allowing attackers able to capture network traffic between the Jenkins controller and Active Directory servers to obtain Active Directory credentials.https://nvd.nist.gov/vuln/detail/CVE-2023-37943
CVE-2023-37944A missing permission check in Jenkins Datadog Plugin 5.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37944
CVE-2023-37945A missing permission check in Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 through 2.3.0 (both inclusive) allows attackers with Overall/Read permission to download a string representation of the current security realm.https://nvd.nist.gov/vuln/detail/CVE-2023-37945
CVE-2023-37946Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.https://nvd.nist.gov/vuln/detail/CVE-2023-37946
CVE-2023-37947Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier improperly determines that a redirect URL after login is legitimately pointing to Jenkins, allowing attackers to perform phishing attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-37947
CVE-2023-37948Jenkins Oracle Cloud Infrastructure Compute Plugin 1.0.16 and earlier does not validate SSH host keys when connecting OCI clouds, enabling man-in-the-middle attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-37948
CVE-2023-37949A missing permission check in Jenkins Orka by MacStadium Plugin 1.33 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37949
CVE-2023-37950A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37950
CVE-2023-37951Jenkins mabl Plugin 0.0.46 and earlier does not set the appropriate context for credentials lookup, allowing attackers with Item/Configure permission to access and capture credentials they are not entitled to.https://nvd.nist.gov/vuln/detail/CVE-2023-37951
CVE-2023-37952A cross-site request forgery (CSRF) vulnerability in Jenkins mabl Plugin 0.0.46 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37952
CVE-2023-37953A missing permission check in Jenkins mabl Plugin 0.0.46 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37953
CVE-2023-37954A cross-site request forgery (CSRF) vulnerability in Jenkins Rebuilder Plugin 320.v5a_0933a_e7d61 and earlier allows attackers to rebuild a previous build.https://nvd.nist.gov/vuln/detail/CVE-2023-37954
CVE-2023-37955A cross-site request forgery (CSRF) vulnerability in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials.https://nvd.nist.gov/vuln/detail/CVE-2023-37955
CVE-2023-37956A missing permission check in Jenkins Test Results Aggregator Plugin 1.2.13 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials.https://nvd.nist.gov/vuln/detail/CVE-2023-37956
CVE-2023-37957A cross-site request forgery (CSRF) vulnerability in Jenkins Pipeline restFul API Plugin 0.11 and earlier allows attackers to connect to an attacker-specified URL, capturing a newly generated JCLI token.https://nvd.nist.gov/vuln/detail/CVE-2023-37957
CVE-2023-37958A cross-site request forgery (CSRF) vulnerability in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers to connect to an attacker-specified URL.https://nvd.nist.gov/vuln/detail/CVE-2023-37958
CVE-2023-37959A missing permission check in Jenkins Sumologic Publisher Plugin 2.2.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL.https://nvd.nist.gov/vuln/detail/CVE-2023-37959
CVE-2023-37960Jenkins MathWorks Polyspace Plugin 1.0.5 and earlier allows attackers with Item/Configure permission to send emails with arbitrary files from the Jenkins controller file systems.https://nvd.nist.gov/vuln/detail/CVE-2023-37960
CVE-2023-37961A cross-site request forgery (CSRF) vulnerability in Jenkins Assembla Auth Plugin 1.14 and earlier allows attackers to trick users into logging in to the attacker's account.https://nvd.nist.gov/vuln/detail/CVE-2023-37961
CVE-2023-37962A cross-site request forgery (CSRF) vulnerability in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2023-37962
CVE-2023-37963A missing permission check in Jenkins Benchmark Evaluator Plugin 1.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL and to check for the existence of directories, `.csv`, and `.ycsb` files on the Jenkins controller file system.https://nvd.nist.gov/vuln/detail/CVE-2023-37963
CVE-2023-37964A cross-site request forgery (CSRF) vulnerability in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37964
CVE-2023-37965A missing permission check in Jenkins ElasticBox CI Plugin 5.0.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.https://nvd.nist.gov/vuln/detail/CVE-2023-37965
CVE-2023-37628Online Piggery Management System 1.0 is vulnerable to SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-37628
CVE-2023-37629Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php."https://nvd.nist.gov/vuln/detail/CVE-2023-37629
CVE-2023-37630Online Piggery Management System 1.0 is vulnerable to Cross Site Scripting (XSS). An unauthenticated user can POST JavaScript code to "manage-breed.php" resulting in Persistent XSS.https://nvd.nist.gov/vuln/detail/CVE-2023-37630
CVE-2023-38046A vulnerability exists in Palo Alto Networks PAN-OS software that enables an authenticated administrator with the privilege to commit a specifically created configuration to read local files and resources from the system.https://nvd.nist.gov/vuln/detail/CVE-2023-38046
CVE-2023-3641A vulnerability has been found in khodakhah NodCMS 3.4.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /en/blog-comment-4 of the component POST Request Handler. The manipulation of the argument comment_name/comment_content leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233887.https://nvd.nist.gov/vuln/detail/CVE-2023-3641
CVE-2023-3642A vulnerability was found in GZ Scripts Vacation Rental Website 1.8 and classified as problematic. Affected by this issue is some unknown functionality of the file /VacationRentalWebsite/property/8/ad-has-principes/ of the component HTTP POST Request Handler. The manipulation of the argument username/title/comment leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-233888.https://nvd.nist.gov/vuln/detail/CVE-2023-3642
CVE-2023-3643A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This affects an unknown part of the file boss/servlet/document. The manipulation of the argument path leads to file inclusion. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-233889 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3643
CVE-2023-3644A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3644
CVE-2023-3635GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3635
CVE-2023-26563The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server.https://nvd.nist.gov/vuln/detail/CVE-2023-26563
CVE-2023-26564The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server.https://nvd.nist.gov/vuln/detail/CVE-2023-26564
CVE-2023-33274The authentication mechanism in PowerShield SNMP Web Pro 1.1 contains a vulnerability that allows unauthenticated users to directly access Common Gateway Interface (CGI) scripts without proper identification or authorization. This vulnerability arises from a lack of proper cookie verification and affects all instances of SNMP Web Pro 1.1 without HTTP Digest authentication enabled, regardless of the password used for the web interface.https://nvd.nist.gov/vuln/detail/CVE-2023-33274
CVE-2021-0948The PVRSRVBridgeGetMultiCoreInfo ioctl in the PowerVR kernel driver can return uninitialized kernel memory to user space. The contents of this memory could contain sensitive information.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-0948
CVE-2023-20918In getPendingIntentLaunchFlags of ActivityOptions.java, there is a possible elevation of privilege due to a confused deputy with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20918
CVE-2023-20942In openMmapStream of AudioFlinger.cpp, there is a possible way to record audio without displaying the microphone privacy indicator due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-20942
CVE-2023-21145In updatePictureInPictureMode of ActivityRecord.java, there is a possible bypass of background launch restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21145
CVE-2023-21238In visitUris of RemoteViews.java, there is a possible leak of images between users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21238
CVE-2023-21239In visitUris of Notification.java, there is a possible way to leak image data across user boundaries due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21239
CVE-2023-21240In Policy of Policy.java, there is a possible boot loop due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21240
CVE-2023-21241In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21241
CVE-2023-21243In validateForCommonR1andR2 of PasspointConfiguration.java, there is a possible way to inflate the size of a config file with no limits due to a buffer overflow. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21243
CVE-2023-21245In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21245
CVE-2023-21246In ShortcutInfo of ShortcutInfo.java, there is a possible way for an app to retain notification listening access due to an uncaught exception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21246
CVE-2023-21247In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21247
CVE-2023-21248In getAvailabilityStatus of WifiScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21248
CVE-2023-21249In multiple functions of OneTimePermissionUserManager.java, there is a possible one-time permission retention due to a permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21249
CVE-2023-21250In gatt_end_operation of gatt_utils.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21250
CVE-2023-21251In onCreate of ConfirmDialog.java, there is a possible way to connect to VNP bypassing user's consent due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21251
CVE-2023-21254In getCurrentState of OneTimePermissionUserManager.java, there is a possible way to hold one-time permissions after the app is being killed due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21254
CVE-2023-21255In multiple functions of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21255
CVE-2023-21256In SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities via Settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21256
CVE-2023-21257In updateSettingsInternalLI of InstallPackageHelper.java, there is a possible way to sideload an app in the work profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21257
CVE-2023-21261In ft_open_face_internal of ftobjs.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21261
CVE-2023-21262In startInput of AudioPolicyInterfaceImpl.cpp, there is a possible way of erroneously displaying the microphone privacy indicator due to a race condition. This could lead to false user expectations. User interaction is needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21262
CVE-2023-21399there is a possible way to bypass cryptographic assurances due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21399
CVE-2023-21400In multiple functions of io_uring.c, there is a possible kernel memory corruption due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21400
CVE-2023-34123Use of Hard-coded Cryptographic Key vulnerability in SonicWall GMS, SonicWall Analytics. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34123
CVE-2023-35691there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with System execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35691
CVE-2023-35693In incfs_kill_sb of fs/incfs/vfs.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35693
CVE-2023-35694In DMPixelLogger_ProcessDmCommand of DMPixelLogger.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35694
CVE-2023-21260In notification access permission dialog box, malicious application can embedded a very long service label that overflow the original user prompt and possibly contains mis-leading information to be appeared as a system message for user confirmation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-21260
CVE-2023-34124The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34124
CVE-2023-34125Path Traversal vulnerability in GMS and Analytics allows an authenticated attacker to read arbitrary files from the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34125
CVE-2023-34126Vulnerability in SonicWall GMS and Analytics allows an authenticated attacker to upload files on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34126
CVE-2023-34127Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in SonicWall GMS, SonicWall Analytics enables an authenticated attacker to execute arbitrary code with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34127
CVE-2023-34128Tomcat application credentials are hardcoded in SonicWall GMS and Analytics configuration file. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34128
CVE-2023-2190An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. It may be possible for users to view new commits to private projects in a fork created while the project was public.https://nvd.nist.gov/vuln/detail/CVE-2023-2190
CVE-2023-34129Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in SonicWall GMS and Analytics allows an authenticated remote attacker to traverse the directory and extract arbitrary files using Zip Slip method to any location on the underlying filesystem with root privileges. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34129
CVE-2023-34130SonicWall GMS and Analytics use outdated Tiny Encryption Algorithm (TEA) with a hardcoded key to encrypt sensitive data. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34130
CVE-2023-37560Cross-site scripting vulnerability in WRH-300WH-H v2.12 and earlier, and WTC-300HWH v1.09 and earlier allows a remote unauthenticated attacker to inject an arbitrary script.https://nvd.nist.gov/vuln/detail/CVE-2023-37560
CVE-2023-37561Open redirect vulnerability in ELECOM wireless LAN routers and ELECOM wireless LAN repeaters allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted URL. Affected products and versions are as follows: WRH-300WH-H v2.12 and earlier, WTC-300HWH v1.09 and earlier, WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier.\r\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37561
CVE-2023-37566ELECOM wireless LAN routers WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.https://nvd.nist.gov/vuln/detail/CVE-2023-37566
CVE-2023-37567ELECOM wireless LAN router WRC-1167GHBK3-A v1.24 and earlier allows a remote unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port of the web management page.https://nvd.nist.gov/vuln/detail/CVE-2023-37567
CVE-2023-37568ELECOM wireless LAN routers WRC-1167GHBK-S v1.03 and earlier, and WRC-1167GEBK-S v1.03 and earlier allow a network-adjacent authenticated attacker to execute an arbitrary command by sending a specially crafted request to the web management page.https://nvd.nist.gov/vuln/detail/CVE-2023-37568
CVE-2023-38197An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.https://nvd.nist.gov/vuln/detail/CVE-2023-38197
CVE-2023-2200An issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to inject HTML in an email address field.https://nvd.nist.gov/vuln/detail/CVE-2023-2200
CVE-2023-2576An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. This allowed a developer to remove the CODEOWNERS rules and merge to a protected branch.https://nvd.nist.gov/vuln/detail/CVE-2023-2576
CVE-2023-2620An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.1 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1. A maintainer could modify a webhook URL to leak masked webhook secrets by manipulating other masked portions. This addresses an incomplete fix for CVE-2023-0838.https://nvd.nist.gov/vuln/detail/CVE-2023-2620
CVE-2023-34131Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics enables an unauthenticated attacker to access restricted web pages. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34131
CVE-2023-34132Use of password hash instead of password for authentication vulnerability in SonicWall GMS and Analytics allows Pass-the-Hash attacks. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34132
CVE-2023-34133Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SonicWall GMS and Analytics allows an unauthenticated attacker to extract sensitive information from the application database. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34133
CVE-2023-34134Exposure of sensitive information to an unauthorized actor vulnerability in SonicWall GMS and Analytics allows authenticated attacker to read administrator password hash via a web service call. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34134
CVE-2023-34135Path Traversal vulnerability in SonicWall GMS and Analytics allows a remote authenticated attacker to read arbitrary files from the underlying file system via web service. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34135
CVE-2023-34136Vulnerability in SonicWall GMS and Analytics allows unauthenticated attacker to upload files to a restricted location not controlled by the attacker. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34136
CVE-2023-34137SonicWall GMS and Analytics CAS Web Services application use static values for authentication without proper checks leading to authentication bypass vulnerability. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier versions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34137
CVE-2023-37562Cross-site request forgery (CSRF) vulnerability in exists in WTC-C1167GC-B v1.17 and earlier, and WTC-C1167GC-W v1.17 and earlier. If a user views a malicious page while logged in, unintended operations may be performed.https://nvd.nist.gov/vuln/detail/CVE-2023-37562
CVE-2023-37563Exposure of sensitive information to an unauthorized actor issue exists in ELECOM wireless LAN routers, which allows a network-adjacent attacker to obtain sensitive information. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2023-37563
CVE-2023-38198acme.sh before 3.0.6 runs arbitrary commands from a remote server via eval, as exploited in the wild in June 2023.https://nvd.nist.gov/vuln/detail/CVE-2023-38198
CVE-2023-38199coreruleset (aka OWASP ModSecurity Core Rule Set) through 3.3.4 does not block multiple Content-Type headers, which might allow attackers to bypass a WAF with a crafted payload, aka "Content-Type confusion." This occurs when the web application relies on only the last Content-Type header.https://nvd.nist.gov/vuln/detail/CVE-2023-38199
CVE-2023-3362An information disclosure issue in GitLab CE/EE affecting all versions from 16.0 prior to 16.0.6, and version 16.1.0 allows unauthenticated actors to access the import error information if a project was imported from GitHub.https://nvd.nist.gov/vuln/detail/CVE-2023-3362
CVE-2023-3363An information disclosure issue in Gitlab CE/EE affecting all versions from 13.6 prior to 15.11.10, all versions from 16.0 prior to 16.0.6, all versions from 16.1 prior to 16.1.1, resulted in the Sidekiq log including webhook tokens when the log format was set to `default`.https://nvd.nist.gov/vuln/detail/CVE-2023-3363
CVE-2023-3424An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.https://nvd.nist.gov/vuln/detail/CVE-2023-3424
CVE-2023-3444An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows an attacker to merge arbitrary code into protected branches.https://nvd.nist.gov/vuln/detail/CVE-2023-3444
CVE-2023-37564OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute an arbitrary OS command with a root privilege by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2023-37564
CVE-2023-37565Code injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent authenticated attacker to execute arbitrary code by sending a specially crafted request. Affected products and versions are as follows: WRC-1167GHBK-S v1.03 and earlier, WRC-1167GEBK-S v1.03 and earlier, WRC-1167FEBK-S v1.04 and earlier, WRC-1167GHBK3-A v1.24 and earlier, and WRC-1167FEBK-A v1.18 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2023-37565
CVE-2023-37415Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Apache Hive Provider.\n\nPatching on top of CVE-2023-35797\nBefore 6.1.2 the proxy_user option can also inject semicolon.\n\nThis issue affects Apache Airflow Apache Hive Provider: before 6.1.2.\n\nIt is recommended updating provider version to 6.1.2 in order to avoid this vulnerability.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37415
CVE-2023-29449JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access.https://nvd.nist.gov/vuln/detail/CVE-2023-29449
CVE-2023-29450JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data.https://nvd.nist.gov/vuln/detail/CVE-2023-29450
CVE-2023-29451Specially crafted string can cause a buffer overrun in the JSON parser library leading to a crash of the Zabbix Server or a Zabbix Proxy.https://nvd.nist.gov/vuln/detail/CVE-2023-29451
CVE-2023-29452\nCurrently, geomap configuration (Administration -> General -> Geographical maps) allows using HTML in the field “Attribution text” when selected “Other” Tile provider.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29452
CVE-2023-29454Stored or persistent cross-site scripting (XSS) is a type of XSS where the attacker first sends the payload to the web application, then the application saves the payload (e.g., in a database or server-side text files), and finally, the application unintentionally executes the payload for every victim visiting its web pages.https://nvd.nist.gov/vuln/detail/CVE-2023-29454
CVE-2023-29455Reflected XSS attacks, also known as non-persistent attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script is activated through a link, which sends a request to a website with a vulnerability that enables execution of malicious scripts.https://nvd.nist.gov/vuln/detail/CVE-2023-29455
CVE-2023-29456URL validation scheme receives input from a user and then parses it to identify its various components. The validation scheme can ensure that all URL components comply with internet standards.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29456
CVE-2023-29457Reflected XSS attacks, occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as request to a website with a vulnerability that enables execution of malicious scripts.https://nvd.nist.gov/vuln/detail/CVE-2023-29457
CVE-2023-29458Duktape is an 3rd-party embeddable JavaScript engine, with a focus on portability and compact footprint. When adding too many values in valstack JavaScript will crash. This issue occurs due to bug in Duktape 2.6 which is an 3rd-party solution that we use.https://nvd.nist.gov/vuln/detail/CVE-2023-29458
CVE-2023-3657A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011.https://nvd.nist.gov/vuln/detail/CVE-2023-3657
CVE-2023-22435Experion server may experience a DoS due to a stack overflow when handling a specially crafted message.https://nvd.nist.gov/vuln/detail/CVE-2023-22435
CVE-2023-23585Experion server DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.https://nvd.nist.gov/vuln/detail/CVE-2023-23585
CVE-2023-24474Experion server may experience a DoS due to a heap overflow which could occur when handling a specially crafted messagehttps://nvd.nist.gov/vuln/detail/CVE-2023-24474
CVE-2023-24480Controller DoS due to stack overflow when decoding a message from the serverhttps://nvd.nist.gov/vuln/detail/CVE-2023-24480
CVE-2023-25078Server or Console Station DoS due to heap overflow occurring during the handling of a specially crafted message for a specific configuration operation.https://nvd.nist.gov/vuln/detail/CVE-2023-25078
CVE-2023-25178Controller may be loaded with malicious firmware which could enable remote code execution\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-25178
CVE-2023-25770Controller DoS may occur due to buffer overflow when an error is generated in response to a specially crafted message.https://nvd.nist.gov/vuln/detail/CVE-2023-25770
CVE-2023-3658A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012.https://nvd.nist.gov/vuln/detail/CVE-2023-3658
CVE-2023-3659A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3659
CVE-2023-25948Server information leak of configuration data when an error is generated in response to a specially crafted message.https://nvd.nist.gov/vuln/detail/CVE-2023-25948
CVE-2023-26597Controller DoS due to buffer overflow in the handling of a specially crafted message received by the controller.https://nvd.nist.gov/vuln/detail/CVE-2023-26597
CVE-2023-2003Embedded malicious code vulnerability in Vision1210, in the build 5 of operating system version 4.3, which could allow a remote attacker to store base64-encoded malicious code in the device's data tables via the PCOM protocol, which can then be retrieved by a client and executed on the device.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2003
CVE-2023-3660A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3660
CVE-2023-3661A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015.https://nvd.nist.gov/vuln/detail/CVE-2023-3661
CVE-2023-31819An issue found in KEISEI STORE Co, Ltd. LIVRE KEISEI v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.https://nvd.nist.gov/vuln/detail/CVE-2023-31819
CVE-2023-31820An issue found in Shizutetsu Store v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp function.https://nvd.nist.gov/vuln/detail/CVE-2023-31820
CVE-2023-31822An issue found in Entetsu Store v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Entetsu Store function.https://nvd.nist.gov/vuln/detail/CVE-2023-31822
CVE-2023-31825An issue found in Inageya v.13.4.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Inageya function.https://nvd.nist.gov/vuln/detail/CVE-2023-31825
CVE-2023-37267Umbraco is a ASP.NET CMS. Under rare conditions a restart of Umbraco can allow unauthorized users access to admin-level permissions. This vulnerability was patched in versions 10.6.1, 11.4.2 and 12.0.1.https://nvd.nist.gov/vuln/detail/CVE-2023-37267
CVE-2022-24834Redis is an in-memory database that persists on disk. A specially crafted Lua script executing in Redis can trigger a heap overflow in the cjson library, and result with heap corruption and potentially remote code execution. The problem exists in all versions of Redis with Lua scripting support, starting from 2.6, and affects only authenticated and authorized users. The problem is fixed in versions 7.0.12, 6.2.13, and 6.0.20.https://nvd.nist.gov/vuln/detail/CVE-2022-24834
CVE-2023-31704Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.https://nvd.nist.gov/vuln/detail/CVE-2023-31704
CVE-2023-31705A Reflected Cross-site scripting (XSS) vulnerability in Sourcecodester Task Reminder System 1.0 allows an authenticated user to inject malicious javascript into the page parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31705
CVE-2023-31821An issue found in ALBIS Co. ALBIS v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp ALBIS function.https://nvd.nist.gov/vuln/detail/CVE-2023-31821
CVE-2023-31823An issue found in Marui Co Marui Official app v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp Marui Official Store function.https://nvd.nist.gov/vuln/detail/CVE-2023-31823
CVE-2023-31824An issue found in DERICIA Co. Ltd, DELICIA v.13.6.1 allows a remote attacker to gain access to sensitive information via the channel access token in the miniapp DELICIA function.https://nvd.nist.gov/vuln/detail/CVE-2023-31824
CVE-2023-33768Incorrect signature verification of the firmware during the Device Firmware Update process of Belkin Wemo Smart Plug WSP080 v1.2 allows attackers to cause a Denial of Service (DoS) via a crafted firmware file.https://nvd.nist.gov/vuln/detail/CVE-2023-33768
CVE-2023-37743A cross-site scripting (XSS) vulnerability in Teacher Subject Allocation System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search text box.https://nvd.nist.gov/vuln/detail/CVE-2023-37743
CVE-2023-37744Maid Hiring Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/search-booking-request.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37744
CVE-2023-37745A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page Description of the /admin/aboutus.php component.https://nvd.nist.gov/vuln/detail/CVE-2023-37745
CVE-2023-30151A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote authenticated users to execute arbitrary SQL commands via the `key` GET parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-30151
CVE-2023-35833An issue was discovered in YSoft SAFEQ 6 Server before 6.0.82. When modifying the URL of the LDAP server configuration from LDAPS to LDAP, the system does not require the password to be (re)entered. This results in exposing cleartext credentials when connecting to a rogue LDAP server.https://nvd.nist.gov/vuln/detail/CVE-2023-35833
CVE-2023-37746A cross-site scripting (XSS) vulnerability in Maid Hiring Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title parameter of the /admin/contactus.php component.https://nvd.nist.gov/vuln/detail/CVE-2023-37746
CVE-2023-37785A cross-site scripting (XSS) vulnerability in ImpressCMS v1.4.5 and before allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the smile_code parameter of the component /editprofile.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37785
CVE-2023-37786Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Mail Settings[backend], Mail Settings[host], Mail Settings[port] and Mail Settings[auth] parameters of the /admin/configuration.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37786
CVE-2023-37787Multiple cross-site scripting (XSS) vulnerabilities in Geeklog v2.2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Rule and Route parameters of /admin/router.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37787
CVE-2023-30559The configuration from the PCU can be modified without authentication using physical connection to the PCU. \n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30559
CVE-2022-42045Certain Zemana products are vulnerable to Arbitrary code injection. This affects Watchdog Anti-Malware 4.1.422 and Zemana AntiMalware 3.2.28.https://nvd.nist.gov/vuln/detail/CVE-2022-42045
CVE-2023-30560The configuration from the PCU can be modified without authentication using physical connection to the PCU. \n\n\n\n\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30560
CVE-2023-34458mx-chain-go is the official implementation of the MultiversX blockchain protocol, written in golang. When executing a relayed transaction, if the inner transaction failed, it would have increased the inner transaction's sender account nonce. This could have contributed to a limited DoS attack on a targeted account. The fix is a breaking change so a new flag `RelayedNonceFixEnableEpoch` was needed. This was a strict processing issue while validating blocks on a chain. This vulnerability has been patched in version 1.4.17.https://nvd.nist.gov/vuln/detail/CVE-2023-34458
CVE-2023-30561The data flowing between the PCU and its modules is insecure. A threat actor with physical access could potentially read or modify data by attaching a specially crafted device while an infusion is running.https://nvd.nist.gov/vuln/detail/CVE-2023-30561
CVE-2023-30562A GRE dataset file within Systems Manager can be tampered with and distributed to PCUs. \n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30562
CVE-2023-30563A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session.https://nvd.nist.gov/vuln/detail/CVE-2023-30563
CVE-2023-30564Alaris Systems Manager does not perform input validation during the Device Import Function.https://nvd.nist.gov/vuln/detail/CVE-2023-30564
CVE-2023-30565An insecure connection between Systems Manager and CQI Reporter application could expose infusion data to an attacker.https://nvd.nist.gov/vuln/detail/CVE-2023-30565
CVE-2023-37463cmark-gfm is an extended version of the C reference implementation of CommonMark, a rationalized version of Markdown syntax with a spec. Three polynomial time complexity issues in cmark-gfm may lead to unbounded resource exhaustion and subsequent denial of service. These vulnerabilities have been patched in 0.29.0.gfm.12.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37463
CVE-2023-35945Envoy is a cloud-native high-performance edge/middle/service proxy. Envoy’s HTTP/2 codec may leak a header map and bookkeeping structures upon receiving `RST_STREAM` immediately followed by the `GOAWAY` frames from an upstream server. In nghttp2, cleanup of pending requests due to receipt of the `GOAWAY` frame skips de-allocation of the bookkeeping structure and pending compressed header. The error return [code path] is taken if connection is already marked for not sending more requests due to `GOAWAY` frame. The clean-up code is right after the return statement, causing memory leak. Denial of service through memory exhaustion. This vulnerability was patched in versions(s) 1.26.3, 1.25.8, 1.24.9, 1.23.11.https://nvd.nist.gov/vuln/detail/CVE-2023-35945
CVE-2023-36473Discourse is an open source discussion platform. A CSP (Content Security Policy) nonce reuse vulnerability could allow XSS attacks to bypass CSP protection. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to completely bypass CSP. The vulnerability is patched in the latest tests-passed, beta and stable branches.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36473
CVE-2023-37468Feedbacksystem is a personalized feedback system for students using artificial intelligence. Passwords of users using LDAP login are stored in clear text in the database. The LDAP users password is passed unencrypted in the LoginController.scala and stored in the database when logging in for the first time. Users using only local login or the cas login are not affected. This issue has been patched in version 1.19.2.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37468
CVE-2023-37598A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function.https://nvd.nist.gov/vuln/detail/CVE-2023-37598
CVE-2023-37599An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directoryhttps://nvd.nist.gov/vuln/detail/CVE-2023-37599
CVE-2023-37839An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2023-37839
CVE-2023-37849A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe.https://nvd.nist.gov/vuln/detail/CVE-2023-37849
CVE-2023-37272JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19.https://nvd.nist.gov/vuln/detail/CVE-2023-37272
CVE-2023-37273Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the `execute_python_file` and `execute_python_code` commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3.https://nvd.nist.gov/vuln/detail/CVE-2023-37273
CVE-2023-37274Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory.\nBefore v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-supplied code to a file with an LLM-supplied name. This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../../main.py`. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. The issue has been patched in version 0.4.3. As a workaround, the risk introduced by this vulnerability can be remediated by running Auto-GPT in a virtual machine, or another environment in which damage to files or corruption of the program is not a critical problem.https://nvd.nist.gov/vuln/detail/CVE-2023-37274
CVE-2023-37275Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". The issue has been patched in release version 0.4.3.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37275
CVE-2023-37278GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37278
CVE-2023-37836libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.https://nvd.nist.gov/vuln/detail/CVE-2023-37836
CVE-2023-37837libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.https://nvd.nist.gov/vuln/detail/CVE-2023-37837
CVE-2023-37466vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox.https://nvd.nist.gov/vuln/detail/CVE-2023-37466
CVE-2023-37714Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromRouteStatic.https://nvd.nist.gov/vuln/detail/CVE-2023-37714
CVE-2023-37715Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function frmL7ProtForm.https://nvd.nist.gov/vuln/detail/CVE-2023-37715
CVE-2023-37716Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromNatStaticSetting.https://nvd.nist.gov/vuln/detail/CVE-2023-37716
CVE-2023-37717Tenda F1202 V1.0BR_V1.2.0.20(408) and FH1202_V1.2.0.19_EN, AC10 V1.0, AC1206 V1.0, AC7 V1.0, AC5 V1.0, and AC9 V3.0 were discovered to contain a stack overflow in the page parameter in the function fromDhcpListClient.https://nvd.nist.gov/vuln/detail/CVE-2023-37717
CVE-2023-37718Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeClientFilter.https://nvd.nist.gov/vuln/detail/CVE-2023-37718
CVE-2023-37719Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromP2pListFilter.https://nvd.nist.gov/vuln/detail/CVE-2023-37719
CVE-2023-37721Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeMacFilter.https://nvd.nist.gov/vuln/detail/CVE-2023-37721
CVE-2023-37722Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromSafeUrlFilter.https://nvd.nist.gov/vuln/detail/CVE-2023-37722
CVE-2023-37723Tenda F1202 V1.0BR_V1.2.0.20(408), FH1202_V1.2.0.19_EN were discovered to contain a stack overflow in the page parameter in the function fromqossetting.https://nvd.nist.gov/vuln/detail/CVE-2023-37723
CVE-2023-3668Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.https://nvd.nist.gov/vuln/detail/CVE-2023-3668
CVE-2023-38286Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.https://nvd.nist.gov/vuln/detail/CVE-2023-38286
CVE-2023-3513Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.https://nvd.nist.gov/vuln/detail/CVE-2023-3513
CVE-2023-3514Improper Privilege Control in RazerCentralSerivce Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3514
CVE-2023-3648Kafka dissector crash in Wireshark 4.0.0 to 4.0.6 and 3.6.0 to 3.6.14 allows denial of service via packet injection or crafted capture filehttps://nvd.nist.gov/vuln/detail/CVE-2023-3648
CVE-2023-3649iSCSI dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture filehttps://nvd.nist.gov/vuln/detail/CVE-2023-3649
CVE-2023-3672Cross-site Scripting (XSS) - DOM in GitHub repository plaidweb/webmention.js prior to 0.5.5.https://nvd.nist.gov/vuln/detail/CVE-2023-3672
CVE-2023-2975Issue summary: The AES-SIV cipher implementation contains a bug that causes\nit to ignore empty associated data entries which are unauthenticated as\na consequence.\n\nImpact summary: Applications that use the AES-SIV algorithm and want to\nauthenticate empty data entries as associated data can be mislead by removing\nadding or reordering such empty entries as these are ignored by the OpenSSL\nimplementation. We are currently unaware of any such applications.\n\nThe AES-SIV algorithm allows for authentication of multiple associated\ndata entries along with the encryption. To authenticate empty data the\napplication has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with\nNULL pointer as the output buffer and 0 as the input buffer length.\nThe AES-SIV implementation in OpenSSL just returns success for such a call\ninstead of performing the associated data authentication operation.\nThe empty data thus will not be authenticated.\n\nAs this issue does not affect non-empty associated data authentication and\nwe expect it to be rare for an application to use empty associated data\nentries this is qualified as Low severity issue.https://nvd.nist.gov/vuln/detail/CVE-2023-2975
CVE-2023-3433The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters, make it so the application cannot create the signature for the user and results in a local denial of service to the application. https://nvd.nist.gov/vuln/detail/CVE-2023-3433
CVE-2023-3434Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. \n\nThis allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3434
CVE-2023-3673SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.https://nvd.nist.gov/vuln/detail/CVE-2023-3673
CVE-2023-36119File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \\osghs\\admin\\images file.https://nvd.nist.gov/vuln/detail/CVE-2023-36119
CVE-2023-35692In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35692
CVE-2023-32759An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.https://nvd.nist.gov/vuln/detail/CVE-2023-32759
CVE-2023-32760An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.https://nvd.nist.gov/vuln/detail/CVE-2023-32760
CVE-2023-32761Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.https://nvd.nist.gov/vuln/detail/CVE-2023-32761
CVE-2023-37223Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.https://nvd.nist.gov/vuln/detail/CVE-2023-37223
CVE-2023-37224An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.https://nvd.nist.gov/vuln/detail/CVE-2023-37224
CVE-2023-38252An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.https://nvd.nist.gov/vuln/detail/CVE-2023-38252
CVE-2023-38253An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.https://nvd.nist.gov/vuln/detail/CVE-2023-38253
CVE-2023-37474Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-37474
CVE-2023-38325The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.https://nvd.nist.gov/vuln/detail/CVE-2023-38325
CVE-2023-3633An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.https://nvd.nist.gov/vuln/detail/CVE-2023-3633
CVE-2023-37462XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations.https://nvd.nist.gov/vuln/detail/CVE-2023-37462
CVE-2023-37464OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).https://nvd.nist.gov/vuln/detail/CVE-2023-37464
CVE-2023-37472Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint `_/knowage/restful-services/2.0/documents/listDocument_` calls the `_countBIObjects_` method of the `_BIObjectDAOHibImpl_` object with the user supplied `_label_` parameter without prior sanitization. This can lead to SQL injection in the backing database. Other injections have been identified in the application as well. An authenticated attacker with low privileges could leverage this vulnerability in order to retrieve sensitive information from the database, such as account credentials or business information. This issue has been addressed in version 8.1.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-37472
CVE-2023-37473zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (ie `system`) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit `f4b1c48820` and included in release version 0.2.1. Users are advised to upgrade. Users unable to upgrade should ensure that user input is not passed to either `EntityRepository::find()` or `query()`.https://nvd.nist.gov/vuln/detail/CVE-2023-37473
CVE-2023-34236Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners (`tf-runner`), where sensitive data is inadvertently printed - potentially revealing sensitive user data in their pod logs. In particular, functions `tfexec.ShowPlan`, `tfexec.ShowPlanRaw`, and `tfexec.Output` are implicated when the `tfexec` object set its `Stdout` and `Stderr` to be `os.Stdout` and `os.Stderr`. An unauthorized remote attacker could exploit this vulnerability by accessing these prints of sensitive information, which may contain configurations or tokens that could be used to gain unauthorized control or access to resources managed by the Terraform controller. A successful exploit could allow the attacker to utilize this sensitive data, potentially leading to unauthorized access or control of the system. This vulnerability has been addressed in Weave GitOps Terraform Controller versions `v0.14.4` and `v0.15.0-rc.5`. Users are urged to upgrade to one of these versions to mitigate the vulnerability. As a temporary measure until the patch can be applied, users can add the environment variable `DISABLE_TF_LOGS` to the tf-runners via the runner pod template of the Terraform Custom Resource. This will prevent the logging of sensitive information and mitigate the risk of this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-34236
CVE-2023-36466Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36466
CVE-2023-36818Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-36818
CVE-2023-37268Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as an other user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.https://nvd.nist.gov/vuln/detail/CVE-2023-37268
CVE-2023-38336netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778.https://nvd.nist.gov/vuln/detail/CVE-2023-38336
CVE-2023-38337rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.https://nvd.nist.gov/vuln/detail/CVE-2023-38337
CVE-2023-37793WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp.https://nvd.nist.gov/vuln/detail/CVE-2023-37793
CVE-2023-37794WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp.https://nvd.nist.gov/vuln/detail/CVE-2023-37794
CVE-2023-35802IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit.https://nvd.nist.gov/vuln/detail/CVE-2023-35802
CVE-2023-38349PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.https://nvd.nist.gov/vuln/detail/CVE-2023-38349
CVE-2023-38350PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.https://nvd.nist.gov/vuln/detail/CVE-2023-38350
CVE-2023-3678A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234223.https://nvd.nist.gov/vuln/detail/CVE-2023-3678
CVE-2023-3679A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224.https://nvd.nist.gov/vuln/detail/CVE-2023-3679
CVE-2023-3680A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3680
CVE-2023-3681A vulnerability classified as problematic was found in Campcodes Retro Cellphone Online Store 1.0. This vulnerability affects unknown code of the file /admin/modal_add_product.php. The manipulation of the argument description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-234226 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3681
CVE-2023-3682A vulnerability, which was classified as critical, was found in Nesote Inout Blockchain EasyPayments 1.0. Affected is an unknown function of the file /index.php/payment/getcoinaddress of the component POST Parameter Handler. The manipulation of the argument coinid leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234228. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3682
CVE-2023-2268Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2268
CVE-2023-2507CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker.\n\nThis is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2507
CVE-2023-30791Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30791
CVE-2021-31294Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.https://nvd.nist.gov/vuln/detail/CVE-2021-31294
CVE-2023-3692Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.https://nvd.nist.gov/vuln/detail/CVE-2023-3692
CVE-2023-3683A vulnerability has been found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /items/search. The manipulation of the argument search_term leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234229 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3683
CVE-2023-3684A vulnerability was found in LivelyWorks Articart 2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /change-language/de_DE of the component Base64 Encoding Handler. The manipulation of the argument redirectTo leads to open redirect. The attack may be launched remotely. VDB-234230 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3684
CVE-2023-3685A vulnerability was found in Nesote Inout Search Engine AI Edition 1.1. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234231. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3685
CVE-2023-3686A vulnerability was found in Bylancer QuickAI OpenAI 3.8.1. It has been declared as critical. This vulnerability affects unknown code of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-234232. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3686
CVE-2023-3687A vulnerability was found in Bylancer QuickVCard 2.1. It has been rated as critical. This issue affects some unknown processing of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be initiated remotely. The identifier VDB-234233 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3687
CVE-2023-3688A vulnerability classified as critical has been found in Bylancer QuickJob 6.1. Affected is an unknown function of the component GET Parameter Handler. The manipulation of the argument keywords/gender leads to sql injection. It is possible to launch the attack remotely. VDB-234234 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3688
CVE-2023-3689A vulnerability classified as critical was found in Bylancer QuickQR 6.3.7. Affected by this vulnerability is an unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234235. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3689
CVE-2023-3690A vulnerability, which was classified as critical, has been found in Bylancer QuickOrder 6.3.7. Affected by this issue is some unknown functionality of the file /blog of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234236. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-3690
CVE-2023-38378The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application.https://nvd.nist.gov/vuln/detail/CVE-2023-38378
CVE-2023-38379The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.https://nvd.nist.gov/vuln/detail/CVE-2023-38379
CVE-2023-3691A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3691
CVE-2023-3693A vulnerability classified as critical was found in SourceCodester Life Insurance Management System 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234244.https://nvd.nist.gov/vuln/detail/CVE-2023-3693
CVE-2023-30988The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.https://nvd.nist.gov/vuln/detail/CVE-2023-30988
CVE-2023-30989IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.https://nvd.nist.gov/vuln/detail/CVE-2023-30989
CVE-2023-33857IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695.https://nvd.nist.gov/vuln/detail/CVE-2023-33857
CVE-2023-35901IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.https://nvd.nist.gov/vuln/detail/CVE-2023-35901
CVE-2023-3694A vulnerability, which was classified as critical, has been found in SourceCodester House Rental and Property Listing 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234245 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3694
CVE-2023-35012IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.https://nvd.nist.gov/vuln/detail/CVE-2023-35012
CVE-2023-3695A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file add-product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234252.https://nvd.nist.gov/vuln/detail/CVE-2023-3695
CVE-2023-3696Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4.https://nvd.nist.gov/vuln/detail/CVE-2023-3696
CVE-2022-4952A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2022-4952
CVE-2023-3700Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.https://nvd.nist.gov/vuln/detail/CVE-2023-3700
CVE-2023-26512CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\\V1.8.0 on windows\\linux\\mac os e.g. platforms allows attackers to send controlled message and \n\nremote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible.https://nvd.nist.gov/vuln/detail/CVE-2023-26512
CVE-2023-22672Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-22672
CVE-2023-23646Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23646
CVE-2023-23719Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23719
CVE-2023-27606Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-27606
CVE-2023-27424Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-27424
CVE-2023-2912Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.https://nvd.nist.gov/vuln/detail/CVE-2023-2912
CVE-2022-4023The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form. Furthermore the created archive has a predictable location and name, allowing the attacker to download the file if they know the time at which the form was submitted, making it possible to leak sensitive files like the WordPress configuration containing database credentials and secrets.https://nvd.nist.gov/vuln/detail/CVE-2022-4023
CVE-2023-0439The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms, however there is a settings allowing them to give lower roles access to such feature.https://nvd.nist.gov/vuln/detail/CVE-2023-0439
CVE-2023-1893The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.https://nvd.nist.gov/vuln/detail/CVE-2023-1893
CVE-2023-2143The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-2143
CVE-2023-2329The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attackhttps://nvd.nist.gov/vuln/detail/CVE-2023-2329
CVE-2023-2330The Caldera Forms Google Sheets Connector WordPress plugin through 1.2 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attackhttps://nvd.nist.gov/vuln/detail/CVE-2023-2330
CVE-2023-2579The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-2579
CVE-2023-2636The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriberhttps://nvd.nist.gov/vuln/detail/CVE-2023-2636
CVE-2023-2701The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.https://nvd.nist.gov/vuln/detail/CVE-2023-2701
CVE-2023-31216Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-31216
CVE-2023-31852Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31852
CVE-2023-35038Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-35038
CVE-2023-35089Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-35089
CVE-2023-35096Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-35096
CVE-2023-35880Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-35880
CVE-2023-3041The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack.https://nvd.nist.gov/vuln/detail/CVE-2023-3041
CVE-2023-3179The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).https://nvd.nist.gov/vuln/detail/CVE-2023-3179
CVE-2023-3182The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminhttps://nvd.nist.gov/vuln/detail/CVE-2023-3182
CVE-2023-3186The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype.https://nvd.nist.gov/vuln/detail/CVE-2023-3186
CVE-2023-3245The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-3245
CVE-2023-3418The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3418
CVE-2022-47172Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-47172
CVE-2023-31851Cudy LT400 1.13.4 is has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31851
CVE-2023-31853Cudy LT400 1.13.4 is vulnerable Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-31853
CVE-2023-34005Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-34005
CVE-2023-36511Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-36511
CVE-2023-36513Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-36513
CVE-2023-36514Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-36514
CVE-2023-37968Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37968
CVE-2022-36424Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-36424
CVE-2022-38062Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-38062
CVE-2023-35818An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.https://nvd.nist.gov/vuln/detail/CVE-2023-35818
CVE-2023-36656Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.https://nvd.nist.gov/vuln/detail/CVE-2023-36656
CVE-2023-37974Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37974
CVE-2023-37985Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37985
CVE-2023-3577Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3577
CVE-2023-3581Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3581
CVE-2023-3582Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to, \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3582
CVE-2023-3584Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3584
CVE-2023-3585Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3585
CVE-2023-3586Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards to remain accessible.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3586
CVE-2023-3587Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3587
CVE-2023-3590Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3590
CVE-2023-3591Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3591
CVE-2023-3593Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3593
CVE-2023-3613Mattermost WelcomeBot plugin fails to to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default. \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3613
CVE-2023-3614Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3614
CVE-2023-3615Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3615
CVE-2021-37386Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.https://nvd.nist.gov/vuln/detail/CVE-2021-37386
CVE-2023-34669TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.https://nvd.nist.gov/vuln/detail/CVE-2023-34669
CVE-2023-37475Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-37475
CVE-2022-30858An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_0https://nvd.nist.gov/vuln/detail/CVE-2022-30858
CVE-2023-37791D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin.https://nvd.nist.gov/vuln/detail/CVE-2023-37791
CVE-2023-28864Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.https://nvd.nist.gov/vuln/detail/CVE-2023-28864
CVE-2023-37461Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to overwriting files that the metersphere process has access to. This issue has been addressed in version 2.10.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-37461
CVE-2023-37769stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.https://nvd.nist.gov/vuln/detail/CVE-2023-37769
CVE-2023-37770faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp.https://nvd.nist.gov/vuln/detail/CVE-2023-37770
CVE-2023-37781An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.https://nvd.nist.gov/vuln/detail/CVE-2023-37781
CVE-2021-37384A remote command execution (RCE) vulnerability in the web interface component of Furukawa 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2021-37384
CVE-2023-37265CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.https://nvd.nist.gov/vuln/detail/CVE-2023-37265
CVE-2023-37266CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly.https://nvd.nist.gov/vuln/detail/CVE-2023-37266
CVE-2023-38403iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.https://nvd.nist.gov/vuln/detail/CVE-2023-38403
CVE-2023-38404The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.https://nvd.nist.gov/vuln/detail/CVE-2023-38404
CVE-2023-38405On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.https://nvd.nist.gov/vuln/detail/CVE-2023-38405
CVE-2023-37476OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.https://nvd.nist.gov/vuln/detail/CVE-2023-37476
CVE-2023-38409An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).https://nvd.nist.gov/vuln/detail/CVE-2023-38409
CVE-2023-3724If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used. \n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3724
CVE-2023-37479Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-37479
CVE-2023-38426An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.https://nvd.nist.gov/vuln/detail/CVE-2023-38426
CVE-2023-38427An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts.https://nvd.nist.gov/vuln/detail/CVE-2023-38427
CVE-2023-38428An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.https://nvd.nist.gov/vuln/detail/CVE-2023-38428
CVE-2023-38429An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access.https://nvd.nist.gov/vuln/detail/CVE-2023-38429
CVE-2023-38430An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.https://nvd.nist.gov/vuln/detail/CVE-2023-38430
CVE-2023-38431An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.https://nvd.nist.gov/vuln/detail/CVE-2023-38431
CVE-2023-38432An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.https://nvd.nist.gov/vuln/detail/CVE-2023-38432
CVE-2020-36695Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS \n\ncomponents), Hitachi Compute Systems Manager on Linux allows File Manipulation.This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-36695
CVE-2021-43072A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.https://nvd.nist.gov/vuln/detail/CVE-2021-43072
CVE-2022-4146Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Replication Manager: before 8.8.5-02.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4146
CVE-2023-31998A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.https://nvd.nist.gov/vuln/detail/CVE-2023-31998
CVE-2023-34142Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34142
CVE-2023-34143Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack.This issue affects Hitachi Device Manager: before 8.8.5-02.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34143
CVE-2023-38434xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.https://nvd.nist.gov/vuln/detail/CVE-2023-38434
CVE-2015-10122A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2015-10122
CVE-2022-45828Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-45828
CVE-2022-46857Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46857
CVE-2023-25473Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25473
CVE-2023-25475Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25475
CVE-2023-25482Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25482
CVE-2023-3743Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3743
CVE-2018-25088A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2018-25088
CVE-2022-47169Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-47169
CVE-2023-23660Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-23660
CVE-2023-25036Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25036
CVE-2023-37386Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37386
CVE-2023-37387Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37387
CVE-2023-37889Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37889
CVE-2023-37892Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37892
CVE-2023-37973Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37973
CVE-2020-23909Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.https://nvd.nist.gov/vuln/detail/CVE-2020-23909
CVE-2020-23910Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.https://nvd.nist.gov/vuln/detail/CVE-2020-23910
CVE-2020-23911An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.https://nvd.nist.gov/vuln/detail/CVE-2020-23911
CVE-2021-32256An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.https://nvd.nist.gov/vuln/detail/CVE-2021-32256
CVE-2021-33294In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c .Which allows attackers to cause a denial of service (infinite loop) via crafted file.https://nvd.nist.gov/vuln/detail/CVE-2021-33294
CVE-2021-34119A flaw was discovered in htmodoc 1.9.12 in function parse_paragraph in ps-pdf.cxx ,this flaw possibly allows possible code execution and a denial of service via a crafted file.https://nvd.nist.gov/vuln/detail/CVE-2021-34119
CVE-2021-34121An Out of Bounds flaw was discovered in htmodoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.https://nvd.nist.gov/vuln/detail/CVE-2021-34121
CVE-2021-34123An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file.https://nvd.nist.gov/vuln/detail/CVE-2021-34123
CVE-2022-26563An issue was discovered in Tildeslash Monit before 5.31.0, allows remote attackers to gain escilated privlidges due to improper PAM-authorization.https://nvd.nist.gov/vuln/detail/CVE-2022-26563
CVE-2022-33064An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2022-33064
CVE-2022-33065Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.https://nvd.nist.gov/vuln/detail/CVE-2022-33065
CVE-2022-34155Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass.This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-34155
CVE-2022-41409Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.https://nvd.nist.gov/vuln/detail/CVE-2022-41409
CVE-2022-47085An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.https://nvd.nist.gov/vuln/detail/CVE-2022-47085
CVE-2023-30906The vulnerability could be locally exploited to allow escalation of privilege.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-30906
CVE-2023-32965Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-32965
CVE-2020-36762A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248.https://nvd.nist.gov/vuln/detail/CVE-2020-36762
CVE-2022-47421Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.https://nvd.nist.gov/vuln/detail/CVE-2022-47421
CVE-2023-24390Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-24390
CVE-2023-31441In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.https://nvd.nist.gov/vuln/detail/CVE-2023-31441
CVE-2023-36383Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-36383
CVE-2023-36384Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-36384
CVE-2023-2263\nThe Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing.  The new ENIP connections cannot be established if impacted by this vulnerability,  which prohibits operational capabilities of the device resulting in a denial-of-service attack.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2263
CVE-2023-33265In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.https://nvd.nist.gov/vuln/detail/CVE-2023-33265
CVE-2023-34035Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.)\n\nSpecifically, an application is vulnerable when all of the following are true:\n\n * Spring MVC is on the classpath\n * Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet)\n * The application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints\n\n\nAn application is not vulnerable if any of the following is true:\n\n * The application does not have Spring MVC on the classpath\n * The application secures no servlets other than Spring MVC’s DispatcherServlet\n * The application uses requestMatchers(String) only for Spring MVC endpoints\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34035
CVE-2021-4428A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.https://nvd.nist.gov/vuln/detail/CVE-2021-4428
CVE-2023-0160A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.https://nvd.nist.gov/vuln/detail/CVE-2023-0160
CVE-2023-33231XSS attack was possible in DPA 2023.2 due to insufficient input validationhttps://nvd.nist.gov/vuln/detail/CVE-2023-33231
CVE-2023-37259matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. This issue has been addressed in commit `22fcd34c60` which is included in release version 3.76.0. Users are advised to upgrade. The only known workaround for this issue is to disable or to not use the Export Chat feature.https://nvd.nist.gov/vuln/detail/CVE-2023-37259
CVE-2020-22159EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files.https://nvd.nist.gov/vuln/detail/CVE-2020-22159
CVE-2021-37522SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js.https://nvd.nist.gov/vuln/detail/CVE-2021-37522
CVE-2023-28019Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28019
CVE-2023-33312Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-33312
CVE-2023-33329Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-33329
CVE-2023-33871Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot.https://nvd.nist.gov/vuln/detail/CVE-2023-33871
CVE-2023-34329\nAMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-34329
CVE-2023-34330\nAMI SPx contains a vulnerability in the BMC where a User may cause a improper control of generation of code by Dynamic Redfish Extension. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability. https://nvd.nist.gov/vuln/detail/CVE-2023-34330
CVE-2023-35189Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote \ncode execution vulnerability that could allow an unauthenticated user to\n upload a malicious payload and execute it.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-35189
CVE-2023-35763Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.https://nvd.nist.gov/vuln/detail/CVE-2023-35763
CVE-2023-36669Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU.https://nvd.nist.gov/vuln/detail/CVE-2023-36669
CVE-2023-38257Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.https://nvd.nist.gov/vuln/detail/CVE-2023-38257
CVE-2023-28020 URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28020
CVE-2023-28021The BigFix WebUI uses weak cipher suites.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28021
CVE-2023-30153An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller.https://nvd.nist.gov/vuln/detail/CVE-2023-30153
CVE-2023-30383TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.https://nvd.nist.gov/vuln/detail/CVE-2023-30383
CVE-2023-36670A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device.https://nvd.nist.gov/vuln/detail/CVE-2023-36670
CVE-2023-374771Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. 1Panel firewall functionality `/hosts/firewall/ip` endpoint read user input without validation, the attacker extends the default functionality of the application, which execute system commands. An attacker can execute arbitrary code on the target system, which can lead to a complete compromise of the system. This issue has been addressed in commit `e17b80cff49` which is included in release version `1.4.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37477
CVE-2023-37480Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37480
CVE-2023-37481Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.https://nvd.nist.gov/vuln/detail/CVE-2023-37481
CVE-2023-37758D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-37758
CVE-2023-37788goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2023-37788
CVE-2023-28023A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). \nhttps://nvd.nist.gov/vuln/detail/CVE-2023-28023
CVE-2023-2913\nAn executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2913
CVE-2023-37139ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().https://nvd.nist.gov/vuln/detail/CVE-2023-37139
CVE-2023-37140ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().https://nvd.nist.gov/vuln/detail/CVE-2023-37140
CVE-2023-37141ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().https://nvd.nist.gov/vuln/detail/CVE-2023-37141
CVE-2023-37142ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().https://nvd.nist.gov/vuln/detail/CVE-2023-37142
CVE-2023-37143ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().https://nvd.nist.gov/vuln/detail/CVE-2023-37143
CVE-2023-22505This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html).|https://confluence.atlassian.com/doc/confluence-release-notes-327.html).] You can download the latest version of Confluence Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives).|https://www.atlassian.com/software/confluence/download-archives).] \n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2023-22505
CVE-2023-37897Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due to incorrect return value from `isDangerousFunction()`, which allows to execute the payload prepending double backslash (`\\\\`). The `isDangerousFunction()` check in version 1.7.42 and onwards retuns `false` value instead of `true` when the `\\` symbol is found in the `$name`. This vulnerability can be exploited if the attacker has access to: 1. an Administrator account, or 2. a non-administrator, user account that has Admin panel access and Create/Update page permissions. A fix for this vulnerability has been introduced in commit `b4c6210` and is included in release version `1.7.42.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-37897
CVE-2023-3527A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software \n\nsuch as Microsoft Excel.\n\n \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3527
CVE-2023-22508This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 7.19.8 of Confluence Data Center & Server.\n\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction.\n\nAtlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to this fixed version: 8.2.0. See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html|https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Data Center & Server from the download center ([https://www.atlassian.com/software/confluence/download-archives|https://www.atlassian.com/software/confluence/download-archives]).\n\nThis vulnerability was discovered by a private user and reported via our Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2023-22508
Tags
Bulletins
Share