Security Bulletin 2 Aug 2023

Published on 02 Aug 2023 | Updated on 02 Aug 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, according to their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
| CVE Number | Description | Base Score | Reference |
| --- | --- | --- | --- |
| CVE-2023-3765 | Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-3765 |
| CVE-2023-37903 | vm2 is an open source vm/sandbox for Node.js. In vm2 for versions up to and including 3.9.19, Node.js custom inspect function allows attackers to escape the sandbox and run arbitrary code. This may result in Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. There are no patches and no known workarounds. Users are advised to find an alternative software. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-37903 |
| CVE-2020-7357 | Cayin CMS suffers from an authenticated OS semi-blind command injection vulnerability using default credentials. This can be exploited to inject and execute arbitrary shell commands as the root user through the 'NTP_Server_IP' HTTP POST parameter in system.cgi page. This issue affects several branches and versions of the CMS application, including CME-SE, CMS-60, CMS-40, CMS-20, and CMS version 8.2, 8.0, and 7.5. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-7357 |
| CVE-2016-5118 | The OpenBlob function in blob.c in GraphicsMagick before 1.3.24 and ImageMagick allows remote attackers to execute arbitrary code via a \| (pipe) character at the start of a filename. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-5118 |
| CVE-2016-10108 | Unauthenticated Remote Command injection as root occurs in the Western Digital MyCloud NAS 2.11.142 /web/google_analytics.php URL via a modified arg parameter in the POST data. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-10108 |
| CVE-2018-17153 | It was discovered that the Western Digital My Cloud device before 2.30.196 is affected by an authentication bypass vulnerability. An unauthenticated attacker can exploit this vulnerability to authenticate as an admin user without needing to provide a password, thereby gaining full control of the device. (Whenever an admin logs into My Cloud, a server-side session is created that is bound to the user's IP address. After the session is created, it is possible to call authenticated CGI modules by sending the cookie username=admin in the HTTP request. The invoked CGI will check if a valid session is present and bound to the user's IP address.) It was found that it is possible for an unauthenticated attacker to create a valid session without a login. The network_mgr.cgi CGI module contains a command called "cgi_get_ipv6" that starts an admin session -- tied to the IP address of the user making the request -- if the additional parameter "flag" with the value "1" is provided. Subsequent invocation of commands that would normally require admin privileges now succeed if an attacker sets the username=admin cookie. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17153 |
| CVE-2020-5510 | PHPGurukul Hostel Management System v2.0 allows SQL injection via the id parameter in the full-profile.php file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-5510 |
| CVE-2022-24193 | CasaOS before v0.2.7 was discovered to contain a command injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24193 |
| CVE-2022-26082 | A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26082 |
| CVE-2022-26833 | An improper authentication vulnerability exists in the REST API functionality of Open Automation Software OAS Platform V16.00.0121. A specially-crafted series of HTTP requests can lead to unauthenticated use of the REST API. An attacker can send a series of HTTP requests to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26833 |
| CVE-2022-30521 | The LAN-side Web-Configuration Interface has Stack-based Buffer Overflow vulnerability in the D-Link Wi-Fi router firmware DIR-890L DIR890LA1_FW107b09.bin and previous versions. The function created at 0x17958 of /htdocs/cgibin will call sprintf without checking the length of strings in parameters given by HTTP header and can be controlled by users easily. The attackers can exploit the vulnerability to carry out arbitrary code by means of sending a specially constructed payload to port 49152. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30521 |
| CVE-2022-34592 | Wavlink WL-WN575A3 RPT75A3.V4300.201217 was discovered to contain a command injection vulnerability via the function obtw. This vulnerability allows attackers to execute arbitrary commands via a crafted POST request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34592 |
| CVE-2022-34858 | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34858 |
| CVE-2022-36944 | Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36944 |
| CVE-2022-29822 | Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29822 |
| CVE-2022-29823 | Feather-Sequalize cleanQuery method uses insecure recursive logic to filter unsupported keys from the query object. This results in a Remote Code Execution (RCE) with privileges of application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29823 |
| CVE-2022-2422 | Due to improper input validation in the Feathers js library, it is possible to perform a SQL injection attack on the back-end database, in case the feathers-sequelize package is used. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2422 |
| CVE-2022-27858 | CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27858 |
| CVE-2023-23513 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23513 |
| CVE-2023-1803 | Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1803 |
| CVE-2023-1833 | Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1833 |
| CVE-2022-46640 | Nanoleaf Desktop App before v1.3.1 was discovered to contain a command injection vulnerability which is exploited via a crafted HTTP request. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46640 |
| CVE-2022-47758 | Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47758 |
| CVE-2023-23526 | This was addressed with additional checks by Gatekeeper on files downloaded from an iCloud shared-by-me folder. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. A file from an iCloud shared-by-me folder may be able to bypass Gatekeeper. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23526 |
| CVE-2023-27953 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27953 |
| CVE-2023-28201 | This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4. A remote user may be able to cause unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28201 |
| CVE-2023-2712 | Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2712 |
| CVE-2023-2713 | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2713 |
| CVE-2023-2882 | Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2882 |
| CVE-2023-2884 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2884 |
| CVE-2023-2887 | Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2887 |
| CVE-2023-20887 | Aria Operations for Networks contains a command injection vulnerability. A malicious actor with network access to VMware Aria Operations for Networks may be able to perform a command injection attack resulting in remote code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20887 |
| CVE-2023-3048 | Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3048 |
| CVE-2023-3049 | Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3049 |
| CVE-2023-3326 | pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket (tgt) from the Kerberos KDC (Key Distribution Center) over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pam_krb5 has no way to validate the response from the KDC, and essentially trusts the tgt provided over the network as being valid. In a non-default FreeBSD installation that leverages pam_krb5 for authentication and does not have a keytab provisioned, an attacker that is able to control both the password and the KDC responses can return a valid tgt, allowing authentication to occur for any user on the system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3326 |
| CVE-2023-32387 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32387 |
| CVE-2023-32412 | A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32412 |
| CVE-2023-32419 | The issue was addressed with improved bounds checks. This issue is fixed in iOS 16.5 and iPadOS 16.5. A remote attacker may be able to cause arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32419 |
| CVE-2023-37629 | Online Piggery Management System 1.0 is vulnerable to File Upload. An unauthenticated user can upload a php file by sending a POST request to "add-pig.php." | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37629 |
| CVE-2023-26563 | The Syncfusion EJ2 Node File Provider 0102271 is vulnerable to filesystem-server.js directory traversal. As a result, an unauthenticated attacker can: - On Windows, list files in any directory, read any file, delete any file, upload any file to any directory accessible by the web server. - On Linux, read any file, download any directory, delete any file, upload any file to any directory accessible by the web server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26563 |
| CVE-2023-26564 | The Syncfusion EJ2 ASPCore File Provider 3ac357f is vulnerable to Models/PhysicalFileProvider.cs directory traversal. As a result, an unauthenticated attacker can list files within a directory, download any file, or upload any file to any directory accessible by the web server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26564 |
| CVE-2023-1547 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Elra Parkmatik allows SQL Injection through SOAP Parameter Tampering, Command Line Execution through SQL Injection. This issue affects Parkmatik: before 02.01-a51. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1547 |
| CVE-2023-30151 | A SQL injection vulnerability in the Boxtal (envoimoinscher) module for PrestaShop, after version 3.1.10, allows remote attackers to execute arbitrary SQL commands via the `key` GET parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30151 |
| CVE-2023-37839 | An arbitrary file upload vulnerability in /dede/file_manage_control.php of DedeCMS v5.7.109 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37839 |
| CVE-2023-37466 | vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code. Remote Code Execution, assuming the attacker has arbitrary code execution primitive inside the context of vm2 sandbox. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37466 |
| CVE-2023-36119 | File upload vulnerability in PHPGurukul Online Security Guards Hiring System v.1.0 allows a remote attacker to execute arbitrary code via a crafted php file to the \osghs\admin\images file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36119 |
| CVE-2023-38336 | netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38336 |
| CVE-2023-37793 | WAYOS FBM-291W 19.09.11V was discovered to contain a buffer overflow via the component /upgrade_filter.asp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37793 |
| CVE-2023-37794 | WAYOS FBM-291W 19.09.11V was discovered to contain a command injection vulnerability via the component /upgrade_filter.asp. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37794 |
| CVE-2023-35802 | IQ Engine before 10.6r1 on Extreme Network AP devices has a Buffer Overflow in the implementation of the CAPWAP protocol that may be exploited to obtain elevated privileges to conduct remote code execution. Access to the internal management interface/subnet is required to conduct the exploit. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35802 |
| CVE-2023-38378 | The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to execute arbitrary code via shell metacharacters in pass1 to the webcontrol changepwd.cgi application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38378 |
| CVE-2023-3693 | A vulnerability classified as critical was found in SourceCodester Life Insurance Management System 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234244. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3693 |
| CVE-2023-3694 | A vulnerability, which was classified as critical, has been found in SourceCodester House Rental and Property Listing 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234245 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3694 |
| CVE-2023-3695 | A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file add-product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234252. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3695 |
| CVE-2023-3696 | Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3696 |
| CVE-2023-26512 | CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master branch in project repo to fix this issue, we will release the new version as soon as possible. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26512 |
| CVE-2023-2963 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oliva Expertise Oliva Expertise EKS allows SQL Injection. This issue affects Oliva Expertise EKS: before 1.2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2963 |
| CVE-2023-3186 | The Popup by Supsystic WordPress plugin before 1.10.19 has a prototype pollution vulnerability that could allow an attacker to inject arbitrary properties into Object.prototype. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3186 |
| CVE-2023-3376 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Strategy Zekiweb allows SQL Injection. This issue affects Zekiweb: before 2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3376 |
| CVE-2023-2958 | Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2958 |
| CVE-2023-37791 | D-Link DIR-619L v2.04(TW) was discovered to contain a stack overflow via the curTime parameter at /goform/formLogin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37791 |
| CVE-2023-37461 | Metersphere is an opensource testing framework. Files uploaded to Metersphere may define a `belongType` value with a relative path like `../../../../` which may cause metersphere to attempt to overwrite an existing file in the defined location or to create a new file. Attackers would be limited to overwriting files that the metersphere process has access to. This issue has been addressed in version 2.10.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37461 |
| CVE-2021-37384 | A remote command execution (RCE) vulnerability in the web interface component of Furukawa Electric LatAM 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 allows unauthenticated attackers to send arbitrary commands to the device via unspecified vectors. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37384 |
| CVE-2023-37265 | CasaOS is an open-source Personal Cloud system. Due to a lack of IP address verification an unauthenticated attackers can execute arbitrary commands as `root` on CasaOS instances. The problem was addressed by improving the detection of client IP addresses in `391dd7f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37265 |
| CVE-2023-37266 | CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as `root` on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit `705bf1f`. This patch is part of CasaOS 0.4.4. Users should upgrade to CasaOS 0.4.4. If they can't, they should temporarily restrict access to CasaOS to untrusted users, for instance by not exposing it publicly. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37266 |
| CVE-2023-38427 | An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/smb2pdu.c in ksmbd has an integer underflow and out-of-bounds read in deassemble_neg_contexts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38427 |
| CVE-2023-38429 | An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/connection.c in ksmbd has an off-by-one error in memory allocation (because of ksmbd_smb2_check_message) that may lead to out-of-bounds access. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38429 |
| CVE-2022-4146 | Expression Language Injection vulnerability in Hitachi Replication Manager on Windows, Linux, Solaris allows Code Injection. This issue affects Hitachi Replication Manager: before 8.8.5-02. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4146 |
| CVE-2015-10122 | A vulnerability was found in wp-donate Plugin up to 1.4 on WordPress. It has been classified as critical. This affects an unknown part of the file includes/donate-display.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. Upgrading to version 1.5 is able to address this issue. The identifier of the patch is 019114cb788d954c5d1b36d6c62418619e93a757. It is recommended to upgrade the affected component. The identifier VDB-234249 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10122 |
| CVE-2018-25088 | A vulnerability, which was classified as critical, was found in Blue Yonder postgraas_server up to 2.0.0b2. Affected is the function _create_pg_connection/create_postgres_db of the file postgraas_server/backends/postgres_cluster/postgres_cluster_driver.py of the component PostgreSQL Backend Handler. The manipulation leads to sql injection. Upgrading to version 2.0.0 is able to address this issue. The patch is identified as 7cd8d016edc74a78af0d81c948bfafbcc93c937c. It is recommended to upgrade the affected component. VDB-234246 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25088 |
| CVE-2021-34123 | An issue was discovered on atasm, version 1.09. A stack-buffer-overflow vulnerability in function aprintf() in asm.c allows attackers to execute arbitrary code on the system via a crafted file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-34123 |
| CVE-2022-47085 | An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47085 |
| CVE-2020-36762 | A vulnerability was found in ONS Digital RAS Collection Instrument up to 2.0.27 and classified as critical. Affected by this issue is the function jobs of the file .github/workflows/comment.yml. The manipulation of the argument $COMMENT_BODY leads to os command injection. Upgrading to version 2.0.28 is able to address this issue. The name of the patch is dcaad2540f7d50c512ff2e031d3778dd9337db2b. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-234248. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36762 |
| CVE-2021-37522 | SQL injection vulnerability in HKing2802 Locke-Bot 2.0.2 allows remote attackers to run arbitrary SQL commands via crafted string to /src/db.js, /commands/mute.js, /modules/event/messageDelete.js. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37522 |
| CVE-2023-35189 | Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a remote code execution vulnerability that could allow an unauthenticated user to upload a malicious payload and execute it. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35189 |
| CVE-2023-36669 | Missing Authentication for a Critical Function within the Kratos NGC Indoor Unit (IDU) before 11.4 allows remote attackers to obtain arbitrary control of the IDU/ODU system. Any attacker with layer-3 network access to the IDU can impersonate the Touch Panel Unit (TPU) within the IDU by sending crafted TCP requests to the IDU. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36669 |
| CVE-2023-30153 | An SQL injection vulnerability in the Payplug (payplug) module for PrestaShop, in versions 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.7.0 and 3.7.1, allows remote attackers to execute arbitrary SQL commands via the ajax.php front controller. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30153 |
| CVE-2023-36670 | A remotely exploitable command injection vulnerability was found on the Kratos NGC-IDU 9.1.0.4. An attacker can execute arbitrary Linux commands as root by sending crafted TCP requests to the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36670 |
| CVE-2023-3751 | A vulnerability was found in Super Store Finder 3.6. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component POST Parameter Handler. The manipulation of the argument products leads to sql injection. The attack can be launched remotely. The identifier VDB-234421 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3751 |
| CVE-2023-3759 | A vulnerability, which was classified as critical, was found in Intergard SGS 8.7.0. Affected is an unknown function. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234444. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3759 |
| CVE-2023-3463 | All versions of GE Digital CIMPLICITY that are not adhering to SDG guidance and accepting documents from untrusted sources are vulnerable to memory corruption issues due to insufficient input validation, including issues such as out-of-bounds reads and writes, use-after-free, stack-based buffer overflows, uninitialized pointers, and a heap-based buffer overflow. Successful exploitation could allow an attacker to execute arbitrary code. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3463 |
| CVE-2023-34034 | Using "**" as a pattern in Spring Security configuration for WebFlux creates a mismatch in pattern matching between Spring Security and Spring WebFlux, and the potential for a security bypass. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34034 |
| CVE-2023-3638 | In GeoVision GV-ADR2701 cameras, an attacker could edit the login response to access the web application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3638 |
| CVE-2023-3722 | An OS command injection vulnerability was found in the Avaya Aura Device Services Web application which could allow remote code execution as the Web server user via a malicious uploaded file. This issue affects Avaya Aura Device Services version 8.1.4.0 and earlier. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3722 |
| CVE-2022-28734 | Out-of-bounds write when handling split HTTP headers; When handling split HTTP headers, GRUB2 HTTP code accidentally moves its internal data buffer point by one position. This can lead to a out-of-bound write further when parsing the HTTP request, writing a NULL byte past the buffer. It's conceivable that an attacker controlled set of packets can lead to corruption of the GRUB2's internal memory metadata. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28734 |
| CVE-2023-37289 | It is identified a vulnerability of Unrestricted Upload of File with Dangerous Type in the file uploading function in InfoDoc Document On-line Submission and Approval System, which allows an unauthenticated remote attacker can exploit this vulnerability without logging system to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service. This issue affects Document On-line Submission and Approval System: 22547, 22567. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37289 |
| CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38408 |
| CVE-2023-37471 | Open Access Management (OpenAM) is an access management solution that includes Authentication, SSO, Authorization, Federation, Entitlements and Web Services Security. OpenAM up to version 14.7.2 does not properly validate the signature of SAML responses received as part of the SAMLv1.x Single Sign-On process. Attackers can use this fact to impersonate any OpenAM user, including the administrator, by sending a specially crafted SAML response to the SAMLPOSTProfileServlet servlet. This problem has been patched in OpenAM 14.7.3-SNAPSHOT and later. User unable to upgrade should comment servlet `SAMLPOSTProfileServlet` from their pom file. See the linked GHSA for details. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37471 |
| CVE-2023-3791 | A vulnerability was found in IBOS OA 4.5.5 and classified as critical. Affected by this issue is the function actionExport of the file ?r=contact/default/export of the component Personal Office Address Book. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3791 |
| CVE-2023-37165 | Millhouse-Project v1.414 was discovered to contain a remote code execution (RCE) vulnerability via the component /add_post_sql.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37165 |
| CVE-2023-31753 | SQL injection vulnerability in diskusi.php in eNdonesia 8.7, allows an attacker to execute arbitrary SQL commands via the "rid=" parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31753 |
| CVE-2023-3793 | A vulnerability was found in Weaver e-cology. It has been rated as critical. This issue affects some unknown processing of the file filelFileDownloadForOutDoc.class of the component HTTP POST Request Handler. The manipulation of the argument fileid with the input 1+WAITFOR+DELAY leads to sql injection. Upgrading to version 10.58.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-235061 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3793 |
| CVE-2023-3795 | A vulnerability classified as critical was found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /property of the component GET Parameter Handler. The manipulation of the argument name leads to sql injection. The associated identifier of this vulnerability is VDB-235063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3795 |
| CVE-2023-3798 | A vulnerability has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0 and classified as critical. This vulnerability affects unknown code of the file /App_Resource/UEditor/server/upload.aspx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235066 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3798 |
| CVE-2023-3799 | A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=article/category/del of the component Delete Category Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235067. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3799 |
| CVE-2023-3801 | A vulnerability was found in IBOS OA 4.5.5. It has been declared as critical. Affected by this vulnerability is the function actionEdit of the file ?r=officialdoc/officialdoc/edit of the component Mobile Notification Handler. The manipulation leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-235069 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3801 |
CVE-2023-3802A vulnerability was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /Controller/Ajaxfileupload.ashx. The manipulation of the argument file leads to unrestricted upload. The exploit has been disclosed to the public and may be used. VDB-235070 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3802
CVE-2023-3804A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file /Service/FileHandler.ashx. The manipulation of the argument userFile leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235072. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3804
CVE-2023-38632async-sockets-cpp through 0.3.1 has a stack-based buffer overflow in tcpsocket.hpp when processing malformed TCP packets.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38632
CVE-2023-3805A vulnerability, which was classified as critical, has been found in Xiamen Four Letter Video Surveillance Management System up to 20230712. This issue affects some unknown processing in the library UserInfoAction.class of the component Login. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235073 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3805
CVE-2023-3806A vulnerability, which was classified as critical, was found in SourceCodester House Rental and Property Listing System 1.0. Affected is an unknown function of the file btn_functions.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235074 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3806
CVE-2023-37291Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to access system to operate processes and access data. This issue affects Vitals ESP: from 3.0.8 through 6.2.0.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37291
CVE-2023-3809A vulnerability was found in Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file patient.php. The manipulation of the argument address leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235077 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3809
CVE-2023-3810A vulnerability was found in Hospital Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file patientappointment.php. The manipulation of the argument loginid/password/mobileno/appointmentdate/appointmenttime/patiente/dob/doct/city leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235078 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3810
CVE-2023-3811A vulnerability was found in Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file patientprofile.php. The manipulation of the argument address leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235079.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3811
CVE-2023-38646Metabase open source before 0.46.6.1 and Metabase Enterprise before 1.46.6.1 allow attackers to execute arbitrary commands on the server, at the server's privilege level. Authentication is not required for exploitation. The other fixed versions are 0.45.4.1, 1.45.4.1, 0.44.7.1, 1.44.7.1, 0.43.7.2, and 1.43.7.2.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38646
CVE-2023-26301Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege and/or Information Disclosure related to a lack of authentication with certain endpoints.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26301
CVE-2023-3826A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /?r=recruit/resume/edit&op=status of the component Interview Handler. The manipulation of the argument resumeid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235147. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3826
CVE-2023-3836A vulnerability classified as critical was found in Dahua Smart Park Management up to 20230713. This vulnerability affects unknown code of the file /emap/devicePoint_addImgIco?hasSubsystem=true. The manipulation of the argument upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235162 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3836
CVE-2023-3850A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3850
CVE-2023-3854A vulnerability classified as critical has been found in phpscriptpoint BloodBank 1.1. Affected is an unknown function of the file /search of the component POST Parameter Handler. The manipulation of the argument country/city/blood_group_id leads to sql injection. It is possible to launch the attack remotely. VDB-235206 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3854
CVE-2023-3859A vulnerability was found in phpscriptpoint Car Listing 1.6 and classified as critical. This issue affects some unknown processing of the file /search.php of the component GET Parameter Handler. The manipulation of the argument brand_id/model_id/car_condition/car_category_id/body_type_id/fuel_type_id/transmission_type_id/year/mileage_start/mileage_end/country/state/city leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235211. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3859
CVE-2023-34478Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests. Mitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34478
CVE-2023-26045NodeBB is Node.js based forum software. Starting in version 2.5.0 and prior to version 2.8.7, due to the use of the object destructuring assignment syntax in the user export code path, combined with a path traversal vulnerability, a specially crafted payload could invoke the user export logic to arbitrarily execute javascript files on the local disk. This issue is patched in version 2.8.7. As a workaround, site maintainers can cherry pick the fix into their codebase to patch the exploit.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26045
CVE-2023-3046Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Biltay Technology Scienta allows SQL Injection. This issue affects Scienta: before 20230630.1953.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3046
CVE-2023-35066Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infodrom Software E-Invoice Approval System allows SQL Injection. This issue affects E-Invoice Approval System: before v.20230701.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35066
CVE-2022-46898An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal via the "restore SQL data" filename. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. The filename provided is not properly sanitized and allows for the inclusion of a path-traversal payload that can be used to escape the intended Vocera restoration directory. An attacker could exploit this vulnerability to point to a crafted ZIP archive that contains SQL commands that could be executed against the database.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46898
CVE-2023-34798An arbitrary file upload vulnerability in eoffice before v9.5 allows attackers to execute arbitrary code via uploading a crafted file.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34798
CVE-2023-37258DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, DataEase has a SQL injection vulnerability that can bypass blacklists. The vulnerability has been fixed in v1.18.9. There are no known workarounds.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37258
CVE-2023-38669Use after free in paddle.diagonal in PaddlePaddle before 2.5.0. This resulted in a potentially exploitable condition.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38669
CVE-2023-38671Heap buffer overflow in paddle.trace in PaddlePaddle before 2.5.0. This flaw can lead to a denial of service, information disclosure, or more damage is possible.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38671
CVE-2023-38673PaddlePaddle before 2.5.0 has a command injection in fs.py. This resulted in the ability to execute arbitrary commands on the operating system.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38673
CVE-2023-33308A stack-based overflow vulnerability [CWE-124] in Fortinet FortiOS version 7.0.0 through 7.0.10 and 7.2.0 through 7.2.3 and FortiProxy version 7.0.0 through 7.0.9 and 7.2.0 through 7.2.2 allows a remote unauthenticated attacker to execute arbitrary code or command via crafted packets reaching proxy policies or firewall policies with proxy mode alongside deep or full packet inspection.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33308
CVE-2023-3956The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3956
CVE-2021-31962Kerberos AppContainer Security Feature Bypass Vulnerability9.4https://nvd.nist.gov/vuln/detail/CVE-2021-31962
CVE-2023-27958The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-27958
CVE-2023-37278GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An administrator can trigger SQL injection via dashboards administration. This vulnerability has been patched in version 10.0.9.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-37278
CVE-2023-38426An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-38426
CVE-2023-38428An issue was discovered in the Linux kernel before 6.3.4. fs/ksmbd/smb2pdu.c in ksmbd does not properly check the UserName value because it does not consider the address of security buffer, leading to an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-38428
CVE-2023-38430An issue was discovered in the Linux kernel before 6.3.9. ksmbd does not validate the SMB request protocol ID, leading to an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-38430
CVE-2023-38431An issue was discovered in the Linux kernel before 6.3.8. fs/smb/server/connection.c in ksmbd does not validate the relationship between the NetBIOS header's length field and the SMB header sizes, via pdu_size in ksmbd_conn_handler_loop, leading to an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-38431
CVE-2023-38432An issue was discovered in the Linux kernel before 6.3.10. fs/smb/server/smb2misc.c in ksmbd does not validate the relationship between the command payload size and the RFC1002 length specification, leading to an out-of-bounds read.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-38432
CVE-2021-26427Microsoft Exchange Server Remote Code Execution Vulnerability9https://nvd.nist.gov/vuln/detail/CVE-2021-26427
CVE-2023-21974Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Team Calendar Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Team Calendar Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Team Calendar Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).9https://nvd.nist.gov/vuln/detail/CVE-2023-21974
CVE-2023-21975Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Application Express Customers Plugin. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express Customers Plugin, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Application Express Customers Plugin. CVSS 3.1 Base Score 9.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H).9https://nvd.nist.gov/vuln/detail/CVE-2023-21975

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2021-36970Windows Print Spooler Spoofing Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2021-36970
CVE-2022-23259Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2022-23259
CVE-2022-26872AMI Megarac Password reset interception via API8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26872
CVE-2023-23496The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.2, watchOS 9.3, iOS 15.7.2 and iPadOS 15.7.2, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23496
CVE-2023-23517The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23517
CVE-2023-23518The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, Safari 16.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. Processing maliciously crafted web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23518
CVE-2023-23529A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, Safari 16.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23529
CVE-2023-28205A use after free issue was addressed with improved memory management. This issue is fixed in Safari 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28205
CVE-2023-23532This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6. An app may be able to break out of its sandbox.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23532
CVE-2023-27934A memory initialization issue was addressed. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. A remote attacker may be able to cause unexpected app termination or arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27934
CVE-2023-27935The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A remote user may be able to cause unexpected app termination or arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27935
CVE-2023-30625rudder-server is part of RudderStack, an open source Customer Data Platform (CDP). Versions of rudder-server prior to 1.3.0-rc.1 are vulnerable to SQL injection. This issue may lead to Remote Code Execution (RCE) due to the `rudder` role in PostgreSQL having superuser permissions by default. Version 1.3.0-rc.1 contains patches for this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30625
CVE-2023-32373A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32373
CVE-2023-32435A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.7 and iPadOS 15.7.7. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32435
CVE-2023-32439A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5.1 and iPadOS 16.5.1, iOS 15.7.7 and iPadOS 15.7.7, macOS Ventura 13.4.1, Safari 16.5.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32439
CVE-2021-31982Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2021-31982
CVE-2023-36162Cross Site Request Forgery vulnerability in ZZCMS v.2023 and earlier allows a remote attacker to gain privileges via the add function in adminlist.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36162
CVE-2023-3600During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3600
CVE-2023-37946Jenkins OpenShift Login Plugin 1.1.0.227.v27e08dfb_1a_20 and earlier does not invalidate the previous session on login.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37946
CVE-2023-37273Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. Running Auto-GPT version prior to 0.4.3 by cloning the git repo and executing `docker compose run auto-gpt` in the repo root uses a different docker-compose.yml file from the one suggested in the official docker set up instructions. The docker-compose.yml file located in the repo root mounts itself into the docker container without write protection. This means that if malicious custom python code is executed via the `execute_python_file` and `execute_python_code` commands, it can overwrite the docker-compose.yml file and abuse it to gain control of the host system the next time Auto-GPT is started. The issue has been patched in version 0.4.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37273
CVE-2023-37462XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37462
CVE-2023-37473zenstruck/collections is a set of helpers for iterating/paginating/filtering collections. Passing _callable strings_ (ie `system`) caused the function to be executed. This would result in a limited subset of specific user input being executed as if it were code. This issue has been addressed in commit `f4b1c48820` and included in release version 0.2.1. Users are advised to upgrade. Users unable to upgrade should ensure that user input is not passed to either `EntityRepository::find()` or `query()`.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37473
CVE-2023-37268Warpgate is an SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. When logging in as a user with SSO enabled an attacker may authenticate as another user. Any user account which does not have a second factor enabled could be compromised. This issue has been addressed in commit `8173f6512a` and in releases starting with version 0.7.3. Users are advised to upgrade. Users unable to upgrade should require their users to use a second factor in authentication.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37268
CVE-2023-38349PNP4Nagios through 81ebfc5 lacks CSRF protection in the AJAX controller. This affects 0.6.26.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38349
CVE-2023-2759A hidden API exists in TapHome's core platform before version 2023.2 that allows an authenticated, low privileged user to change passwords of other users without any prior knowledge. The attacker may gain full access to the device by using this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2759
CVE-2023-22672Cross-Site Request Forgery (CSRF) vulnerability in Mr.Vibe vSlider Multi Image Slider for WordPress plugin <= 4.1.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22672
CVE-2023-23646Cross-Site Request Forgery (CSRF) vulnerability in A WP Life Album Gallery – WordPress Gallery plugin <= 1.4.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23646
CVE-2023-23719Cross-Site Request Forgery (CSRF) vulnerability in Premmerce plugin <= 1.3.17 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23719
CVE-2023-27606Cross-Site Request Forgery (CSRF) vulnerability in Sajjad Hossain WP Reroute Email plugin <= 1.4.6 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27606
CVE-2023-27424Cross-Site Request Forgery (CSRF) vulnerability in Korol Yuriy aka Shra Inactive User Deleter plugin <= 1.59 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27424
CVE-2023-2329The WooCommerce Google Sheet Connector WordPress plugin through 1.3.4 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2329
CVE-2023-2330The Caldera Forms Google Sheets Connector WordPress plugin through 1.2 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2330
CVE-2023-2636The AN_GradeBook WordPress plugin through 5.0.1 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as subscriber.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2636
CVE-2023-31216Cross-Site Request Forgery (CSRF) vulnerability in Ultimate Member plugin <= 2.6.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-31216
CVE-2023-35038Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35038
CVE-2023-35089Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35089
CVE-2023-35096Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35096
CVE-2023-35880Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Brands plugin <= 1.6.49 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35880
CVE-2023-3179The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability resend an email to an arbitrary address (for example a password reset email could be resent to an attacker controlled email, and allow them to take over an account).8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3179
CVE-2022-47172Cross-Site Request Forgery (CSRF) vulnerability in HasThemes ShopLentor plugin <= 2.6.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47172
CVE-2023-34005Cross-Site Request Forgery (CSRF) vulnerability in Etoile Web Design Front End Users plugin <= 3.2.24 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34005
CVE-2023-36511Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36511
CVE-2023-36513Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36513
CVE-2023-36514Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36514
CVE-2023-37968Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37968
CVE-2022-36424Cross-Site Request Forgery (CSRF) vulnerability in Nikola Loncar Easy Appointments plugin <= 3.11.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-36424
CVE-2022-38062Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Download Theme plugin <= 1.0.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-38062
CVE-2023-37974Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37974
CVE-2023-37985Cross-Site Request Forgery (CSRF) vulnerability in FiveStarPlugins Restaurant Menu and Food Ordering plugin <= 2.4.6 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37985
CVE-2023-28767The configuration parser fails to sanitize user-controlled input in the Zyxel ATP series firmware versions 5.10 through 5.36, USG FLEX series firmware versions 5.00 through 5.36, USG FLEX 50(W) series firmware versions 5.10 through 5.36, USG20(W)-VPN series firmware versions 5.10 through 5.36, and VPN series firmware versions 5.00 through 5.36. An unauthenticated, LAN-based attacker could leverage the vulnerability to inject some operating system (OS) commands into the device configuration data on an affected device when the cloud management mode is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28767
CVE-2023-33011A format string vulnerability in the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted PPPoE configuration on an affected device when the cloud management mode is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33011
CVE-2023-33012A command injection vulnerability in the configuration parser of the Zyxel ATP series firmware versions 5.10 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.10 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.10 through 5.36 Patch 2, and VPN series firmware versions 5.00 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands by using a crafted GRE configuration when the cloud management mode is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33012
CVE-2023-34139A command injection vulnerability in the Free Time WiFi hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.36 Patch 2 and VPN series firmware versions 4.20 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34139
CVE-2023-38404The XPRTLD web application in Veritas InfoScale Operations Manager (VIOM) before 8.0.0.410 allows an authenticated attacker to upload all types of files to the server. An authenticated attacker can then execute the malicious file to perform command execution on the remote server.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38404
CVE-2023-3724If a TLS 1.3 client gets neither a PSK (pre shared key) extension nor a KSE (key share extension) when connecting to a malicious server, a default predictable buffer gets used for the IKM (Input Keying Material) value when generating the session master secret. Using a potentially known IKM value when generating the session master secret key compromises the key generated, allowing an eavesdropper to reconstruct it and potentially allowing access to or meddling with message contents in the session. This issue does not affect client validation of connected servers, nor expose private key information, but could result in an insecure TLS 1.3 session when not controlling both sides of the connection. wolfSSL recommends that TLS 1.3 client side users update the version of wolfSSL used.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3724
CVE-2023-3713The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'profile_magic_check_smtp_connection' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. This can be used by attackers to achieve privilege escalation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3713
CVE-2023-3714The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'edit_group' handler in versions up to, and including, 5.5.2. This makes it possible for authenticated attackers, with group ownership, to update group options, including the 'associate_role' parameter, which defines the member's role. This issue was partially patched in version 5.5.2 preventing privilege escalation, however, it was fully patched in 5.5.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3714
CVE-2022-45828Cross-Site Request Forgery (CSRF) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-45828
CVE-2022-46857Cross-Site Request Forgery (CSRF) vulnerability in SiteAlert plugin <= 1.9.7 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46857
CVE-2023-25473Cross-Site Request Forgery (CSRF) vulnerability in Miro Mannino Flickr Justified Gallery plugin <= 3.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25473
CVE-2023-25475Cross-Site Request Forgery (CSRF) vulnerability in Vladimir Prelovac Smart YouTube PRO plugin <= 4.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25475
CVE-2023-25482Cross-Site Request Forgery (CSRF) vulnerability in Mike Martel WP Tiles plugin <= 1.1.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25482
CVE-2022-47169Cross-Site Request Forgery (CSRF) vulnerability in StaxWP Visibility Logic for Elementor plugin <= 2.3.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47169
CVE-2023-23660Auth. (subscriber+) SQL Injection (SQLi) vulnerability in MainWP MainWP Maintenance Extension plugin <= 4.1.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23660
CVE-2023-25036Cross-Site Request Forgery (CSRF) vulnerability in akhlesh-nagar, a.Ankit Social Media Icons Widget plugin <= 1.6 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25036
CVE-2023-37386Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37386
CVE-2023-37387Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37387
CVE-2023-37889Cross-Site Request Forgery (CSRF) vulnerability in WPAdmin WPAdmin AWS CDN plugin <= 2.0.13 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37889
CVE-2023-37892Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37892
CVE-2023-37973Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37973
CVE-2022-26563An issue was discovered in Tildeslash Monit before 5.31.0 that allows remote attackers to gain escalated privileges due to improper PAM-authorization.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-26563
CVE-2022-34155Improper Authentication vulnerability in miniOrange OAuth Single Sign On – SSO (OAuth Client) plugin allows Authentication Bypass. This issue affects OAuth Single Sign On – SSO (OAuth Client): from n/a through 6.23.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-34155
CVE-2023-33265In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33265
CVE-2020-22159EVERTZ devices 3080IPX exe-guest-v1.2-r26125, 7801FC 1.3 Build 27, and 7890IXG V494 are vulnerable to Arbitrary File Upload, allowing an authenticated attacker to upload a webshell or overwrite any critical system files.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-22159
CVE-2023-28019Insufficient validation in Bigfix WebUI API App site version < 14 allows an authenticated WebUI user to issue SQL queries via an unparameterized SQL query.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28019
CVE-2023-34330AMI SPx contains a vulnerability in the BMC where a user may inject code which could be executed via a Dynamic Redfish Extension interface. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity, and availability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34330
CVE-2023-374771Panel is an open source Linux server operation and maintenance management panel. An OS command injection vulnerability exists in 1Panel firewall functionality. A specially-crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. The 1Panel firewall functionality `/hosts/firewall/ip` endpoint reads user input without validation; the attacker extends the default functionality of the application, which executes system commands. An attacker can execute arbitrary code on the target system, which can lead to a complete compromise of the system. This issue has been addressed in commit `e17b80cff49` which is included in release version `1.4.3`. Users are advised to upgrade. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37477
CVE-2023-22505This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22505 was introduced in version 8.0.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 8.3.2, 8.4.0. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22505
CVE-2023-37897Grav is a file-based Web-platform built in PHP. Grav is subject to a server side template injection (SSTI) vulnerability. The fix for another SSTI vulnerability using `|map`, `|filter` and `|reduce` twigs implemented in the commit `71bbed1` introduces bypass of the denylist due to incorrect return value from `isDangerousFunction()`, which allows to execute the payload prepending double backslash (`\\`). The `isDangerousFunction()` check in version 1.7.42 and onwards returns `false` value instead of `true` when the `\` symbol is found in the `$name`. This vulnerability can be exploited if the attacker has access to: 1. an Administrator account, or 2. a non-administrator, user account that has Admin panel access and Create/Update page permissions. A fix for this vulnerability has been introduced in commit `b4c6210` and is included in release version `1.7.42.2`. Users are advised to upgrade. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37897
CVE-2023-22508This High severity RCE (Remote Code Execution) vulnerability known as CVE-2023-22508 was introduced in version 6.1.0 of Confluence Data Center & Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to avoid this bug using the following options: * Upgrade to a Confluence feature release greater than or equal to 8.2.0 (ie: 8.2, 8.2, 8.4, etc...) * Upgrade to a Confluence 7.19 LTS bugfix release greater than or equal to 7.19.8 (ie: 7.19.8, 7.19.9, 7.19.10, 7.19.11, etc...) * Upgrade to a Confluence 7.13 LTS bugfix release greater than or equal to 7.13.20 (Release available early August) See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Data Center & Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). If you are unable to upgrade your instance please use the following guide to workaround the issue https://confluence.atlassian.com/confkb/how-to-disable-the-jmx-network-port-for-cve-2023-22508-1267761550.html This vulnerability was discovered by a private user and reported via our Bug Bounty program.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22508
CVE-2023-22506This High severity Injection and RCE (Remote Code Execution) vulnerability known as CVE-2023-22506 was introduced in version 8.0.0 of Bamboo Data Center. This Injection and RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.5, allows an authenticated attacker to modify the actions taken by a system call and execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that you upgrade your instance to latest version. If you're unable to upgrade to latest, upgrade to one of these fixed versions: 9.2.3 and 9.3.1. See the release notes (https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html). You can download the latest version of Bamboo Data Center and Bamboo Server from the download center (https://www.atlassian.com/software/bamboo/download-archives). This vulnerability was reported via our Penetration Testing program.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22506
CVE-2023-28754Deserialization of Untrusted Data vulnerability in Apache ShardingSphere-Agent, which allows attackers to execute arbitrary code by constructing a special YAML configuration file. The attacker needs to have permission to modify the ShardingSphere Agent YAML configuration file on the target machine, and the target machine can access the URL with the arbitrary code JAR. An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. When the ShardingSphere JVM process starts and uses the ShardingSphere-Agent, the arbitrary code specified by the attacker will be executed during the deserialization of the YAML configuration file by the Agent. This issue affects ShardingSphere-Agent: through 5.3.2. This vulnerability is fixed in Apache ShardingSphere 5.4.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28754
CVE-2023-27379A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27379
CVE-2023-28744A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28744
CVE-2023-33866A use-after-free vulnerability exists in the JavaScript engine of Foxit Software’s PDF Reader, version 12.1.2.15332. By prematurely deleting objects associated with pages, a specially crafted PDF document can trigger the reuse of previously freed memory, which can lead to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33866
CVE-2023-33876A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. A specially-crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object which can lead to memory corruption and result in arbitrary code execution. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. Exploitation is also possible if a user visits a specially-crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33876
CVE-2023-26217The Data Exchange Add-on component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains an easily exploitable vulnerability that allows a low privileged user with import permissions and network access to the EBX server to execute arbitrary SQL statements on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.17 and below, versions 5.6.2 and below, version 6.1.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-26217
CVE-2023-37362Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37362
CVE-2023-31462An issue was discovered in SteelSeries GG 36.0.0. An attacker can change values in an unencrypted database that is writable for all users on the computer, in order to trigger code execution with higher privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-31462
CVE-2023-37650A Cross-Site Request Forgery (CSRF) in the Admin portal of Cockpit CMS v2.5.2 allows attackers to execute arbitrary Administrator commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37650
CVE-2023-3796A vulnerability, which was classified as problematic, has been found in Bug Finder Foody Friend 1.0. Affected by this issue is some unknown functionality of the file /user/profile of the component Profile Picture Handler. The manipulation of the argument profile_picture leads to unrestricted upload. The attack may be launched remotely. The identifier of this vulnerability is VDB-235064. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3796
CVE-2023-3797A vulnerability, which was classified as critical, was found in Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712. This affects an unknown part of the file /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx. The manipulation of the argument Filedata leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The identifier VDB-235065 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3797
CVE-2023-3807A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235075.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3807
CVE-2023-3808A vulnerability was found in Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file patientforgotpassword.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235076.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3808
CVE-2023-37917KubePi is an opensource kubernetes management panel. A normal user has permission to create/update users, they can become admin by editing the `isadmin` value in the request. As a result any user may take administrative control of KubePi. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37917
CVE-2023-3841A vulnerability has been found in NxFilter 4.3.2.5 and classified as problematic. This vulnerability affects unknown code of the file user.jsp. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235192. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3841
CVE-2023-38060Improper Input Validation vulnerability in the ContentType parameter for attachments on TicketCreate or TicketUpdate operations of the OTRS Generic Interface modules allows any authenticated attacker to perform a host header injection for the ContentType header of the attachment. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38060
CVE-2023-3321A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3321
CVE-2023-39173In JetBrains TeamCity before 2023.05.2 a token with limited permissions could be used to gain full account access8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39173
CVE-2023-38594The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38594
CVE-2023-38597The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38597
CVE-2023-32393The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32393
CVE-2021-31977Windows Hyper-V Denial of Service Vulnerability8.6https://nvd.nist.gov/vuln/detail/CVE-2021-31977
CVE-2023-23530The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-23530
CVE-2023-23531The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-23531
CVE-2023-28206An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.5, iOS 16.4.1 and iPadOS 16.4.1, macOS Ventura 13.3.1, iOS 15.7.5 and iPadOS 15.7.5, macOS Big Sur 11.7.6. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-28206
CVE-2023-27944This issue was addressed with a new entitlement. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to break out of its sandbox.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-27944
CVE-2023-27967The issue was addressed with improved memory handling. This issue is fixed in Xcode 14.3. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-27967
CVE-2023-32409The issue was addressed with improved bounds checks. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.8 and iPadOS 15.7.8, Safari 16.5, iOS 16.5 and iPadOS 16.5. A remote attacker may be able to break out of Web Content sandbox. Apple is aware of a report that this issue may have been actively exploited.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-32409
CVE-2023-32414The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.4. An app may be able to break out of its sandbox.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-32414
CVE-2023-32364A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-32364
CVE-2023-22062Vulnerability in the Oracle Hyperion Financial Reporting product of Oracle Hyperion (component: Repository). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Financial Reporting. While the vulnerability is in Oracle Hyperion Financial Reporting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Financial Reporting accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Financial Reporting. CVSS 3.1 Base Score 8.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L).8.5https://nvd.nist.gov/vuln/detail/CVE-2023-22062
CVE-2021-33739Microsoft DWM Core Library Elevation of Privilege Vulnerability8.4https://nvd.nist.gov/vuln/detail/CVE-2021-33739
CVE-2023-22014Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterprise PeopleTools executes to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in takeover of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 8.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).8.4https://nvd.nist.gov/vuln/detail/CVE-2023-22014
CVE-2023-36884Microsoft is investigating reports of a series of remote code execution vulnerabilities impacting Windows and Office products. Microsoft is aware of targeted attacks that attempt to exploit these vulnerabilities by using specially-crafted Microsoft Office documents. An attacker could create a specially crafted Microsoft Office document that enables them to perform remote code execution in the context of the victim. However, an attacker would have to convince the victim to open the malicious file. Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This might include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs. Please see the Microsoft Threat Intelligence Blog Entry https://aka.ms/Storm-0978 for important information about steps you can take to protect your system from this vulnerability. This CVE will be updated with new information and links to security updates when they become available. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this CVE. See Microsoft Technical Security Notifications https://www.microsoft.com/en-us/msrc/technical-security-notifications .8.3https://nvd.nist.gov/vuln/detail/CVE-2023-36884
CVE-2021-33741Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability8.2https://nvd.nist.gov/vuln/detail/CVE-2021-33741
CVE-2023-3591Mattermost fails to invalidate previously generated password reset tokens when a new reset token was created.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-3591
CVE-2023-34360A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After logging in to the device with regular user privilege, a remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading an image containing JavaScript code.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-34360
CVE-2021-40487Microsoft SharePoint Server Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2021-40487
CVE-2021-41344Microsoft SharePoint Server Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2021-41344
CVE-2023-2885Channel Accessible by Non-Endpoint vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM). This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-2885
CVE-2023-33170ASP.NET and Visual Studio Security Feature Bypass Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-33170
CVE-2023-3581Mattermost fails to properly validate the origin of a websocket connection allowing a MITM attacker on Mattermost to access the websocket APIs.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-3581
CVE-2023-3615Mattermost iOS app fails to properly validate the server certificate while initializing the TLS connection allowing a network attacker to intercept the WebSockets connection.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-3615
CVE-2023-34143Improper Validation of Certificate with Host Mismatch vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Man in the Middle Attack. This issue affects Hitachi Device Manager: before 8.8.5-02.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-34143
CVE-2023-22018Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).8.1https://nvd.nist.gov/vuln/detail/CVE-2023-22018
CVE-2022-28733Integer underflow in grub_net_recv_ip4_packets; A malicious crafted IP packet can lead to an integer underflow in grub_net_recv_ip4_packets() function on rsm->total_len value. Under certain circumstances the total_len value may end up wrapping around to a small integer number which will be used in memory allocation. If the attack succeeds in such way, subsequent operations can write past the end of the buffer.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-28733
CVE-2023-34625ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks. A malicious user is able to intercept BLE requests and replicate them to open the lock at any time. Alternatively, an attacker with physical access to the device on which the Android app is installed, can obtain the latest BLE messages via the app logs and use them for opening the lock.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-34625
CVE-2023-3322A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-3322
CVE-2021-38672Windows Hyper-V Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2021-38672
CVE-2021-40461Windows Hyper-V Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2021-40461
CVE-2021-40464Windows Nearby Sharing Elevation of Privilege Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2021-40464
CVE-2021-41348Microsoft Exchange Server Elevation of Privilege Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2021-41348
CVE-2023-32761Cross Site Request Forgery (CSRF) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to execute arbitrary code via a crafted request.8https://nvd.nist.gov/vuln/detail/CVE-2023-32761
CVE-2023-34138A command injection vulnerability in the hotspot management feature of the Zyxel ATP series firmware versions 4.60 through 5.36 Patch 2, USG FLEX series firmware versions 4.60 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.60 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.60 through 5.36 Patch 2, and VPN series firmware versions 4.60 through 5.36 Patch 2, could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the list of trusted RADIUS clients in advance.8https://nvd.nist.gov/vuln/detail/CVE-2023-34138
CVE-2023-34141A command injection vulnerability in the access point (AP) management feature of the Zyxel ATP series firmware versions 5.00 through 5.36 Patch 2, USG FLEX series firmware versions 5.00 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 5.00 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 5.00 through 5.36 Patch 2, VPN series firmware versions 5.00 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to execute some OS commands on an affected device if the attacker could trick an authorized administrator to add their IP address to the managed AP list in advance.8https://nvd.nist.gov/vuln/detail/CVE-2023-34141
CVE-2023-34329AMI MegaRAC SPx12 contains a vulnerability in BMC where a User may cause an authentication bypass by spoofing the HTTP header. A successful exploit of this vulnerability may lead to loss of confidentiality, integrity, and availability.8https://nvd.nist.gov/vuln/detail/CVE-2023-34329
CVE-2023-3467Privilege Escalation to root administrator (nsroot)8https://nvd.nist.gov/vuln/detail/CVE-2023-3467
CVE-2021-20226A use-after-free flaw was found in the io_uring in Linux kernel, where a local attacker with a user privilege could cause a denial of service problem on the system. The issue results from the lack of validating the existence of an object prior to performing operations on the object by not incrementing the file reference counter while in use. The highest threat from this vulnerability is to data integrity, confidentiality and system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-20226
CVE-2020-27815A flaw was found in the JFS filesystem code in the Linux Kernel which allows a local attacker with the ability to set extended attributes to panic the system, causing memory corruption or escalating privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-27815
CVE-2021-1675Windows Print Spooler Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1675
CVE-2021-31939Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31939
CVE-2021-31940Microsoft Office Graphics Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31940
CVE-2021-31941Microsoft Office Graphics Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31941
CVE-2021-319423D Viewer Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31942
CVE-2021-319433D Viewer Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31943
CVE-2021-31945Paint 3D Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31945
CVE-2021-31946Paint 3D Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31946
CVE-2021-31951Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31951
CVE-2021-31952Windows Kernel-Mode Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31952
CVE-2021-31953Windows Filter Manager Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31953
CVE-2021-31954Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31954
CVE-2021-31956Windows NTFS Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31956
CVE-2021-31967VP9 Video Extensions Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31967
CVE-2021-31969Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31969
CVE-2021-31973Windows GPSVC Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31973
CVE-2021-31983Paint 3D Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31983
CVE-2021-31985Microsoft Defender Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31985
CVE-2021-26441Storage Spaces Controller Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-26441
CVE-2021-40443Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40443
CVE-2021-40449Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40449
CVE-2021-40450Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40450
CVE-2021-40462Windows Media Foundation Dolby Digital Atmos Decoders Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40462
CVE-2021-40465Windows Text Shaping Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40465
CVE-2021-40466Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40466
CVE-2021-40467Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40467
CVE-2021-40470DirectX Graphics Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40470
CVE-2021-40471Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40471
CVE-2021-40473Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40473
CVE-2021-40474Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40474
CVE-2021-40477Windows Event Tracing Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40477
CVE-2021-40478Storage Spaces Controller Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40478
CVE-2021-40479Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40479
CVE-2021-40480Microsoft Office Visio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40480
CVE-2021-40485Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40485
CVE-2021-40486Microsoft Word Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40486
CVE-2021-40488Storage Spaces Controller Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40488
CVE-2021-40489Storage Spaces Controller Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-40489
CVE-2021-41330Microsoft Windows Media Foundation Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41330
CVE-2021-41331Windows Media Audio Decoder Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41331
CVE-2021-41335Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41335
CVE-2021-41340Windows Graphics Component Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41340
CVE-2021-41345Storage Spaces Controller Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41345
CVE-2021-41347Windows AppX Deployment Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41347
CVE-2021-41357Win32k Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-41357
CVE-2021-39820Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39820
CVE-2021-43754Adobe Prelude version 22.1.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43754
CVE-2021-43756Adobe Media Encoder versions 22.0, 15.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43756
CVE-2021-43755Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43755
CVE-2023-23497A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23497
CVE-2023-23504The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23504
CVE-2023-23507The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23507
CVE-2023-23514A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 16.3.1 and iPadOS 16.3.1, macOS Ventura 13.2.1, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23514
CVE-2023-2176A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. The improper cleanup results in an out-of-boundary read, which a local user can use to crash the system or escalate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2176
CVE-2023-2007The specific flaw exists within the DPT I2O Controller driver. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the kernel.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-2007
CVE-2023-31436qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31436
CVE-2023-23525This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23525
CVE-2023-23536The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23536
CVE-2023-23540The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23540
CVE-2023-27936An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to cause unexpected system termination or write kernel memory.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27936
CVE-2023-27937An integer overflow was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. Parsing a maliciously crafted plist may lead to an unexpected app termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27937
CVE-2023-27938An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in GarageBand for macOS 10.4.8. Parsing a maliciously crafted MIDI file may lead to an unexpected application termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27938
CVE-2023-27946An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27946
CVE-2023-27949An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, iOS 15.7.4 and iPadOS 15.7.4. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27949
CVE-2023-27957A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27957
CVE-2023-27959The issue was addressed with improved memory handling. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27959
CVE-2023-27960This issue was addressed by removing the vulnerable code. This issue is fixed in GarageBand for macOS 10.4.8. An app may be able to gain elevated privileges during the installation of GarageBand.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27960
CVE-2023-27965A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Studio Display Firmware Update 16.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27965
CVE-2023-27969A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27969
CVE-2023-27970An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27970
CVE-2023-28181The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.4, macOS Big Sur 11.7.7, tvOS 16.4, watchOS 9.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28181
CVE-2023-32233In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32233
CVE-2023-3111A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag().7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3111
CVE-2023-32012Windows Container Manager Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32012
CVE-2023-0009A local privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows enables a local user to execute programs with elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0009
CVE-2023-35788An issue was discovered in fl_set_geneve_opt in net/sched/cls_flower.c in the Linux kernel before 6.3.7. It allows an out-of-bounds write in the flower classifier code via TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets. This may result in denial of service or privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35788
CVE-2023-23516The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23516
CVE-2023-23539A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-23539
CVE-2023-27930A type confusion issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-27930
CVE-2023-32351A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32351
CVE-2023-32353A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.9 for Windows. An app may be able to elevate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32353
CVE-2023-32380An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32380
CVE-2023-32384A buffer overflow was addressed with improved bounds checking. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing an image may lead to arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32384
CVE-2023-32398A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32398
CVE-2023-32405A logic issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32405
CVE-2023-32434An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.5.2, macOS Big Sur 11.7.8, iOS 15.7.7 and iPadOS 15.7.7, macOS Monterey 12.6.7, watchOS 8.8.1, iOS 16.5.1 and iPadOS 16.5.1, macOS Ventura 13.4.1. An app may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32434
CVE-2023-3090A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3090
CVE-2023-3389A use-after-free vulnerability in the Linux Kernel io_uring subsystem can be exploited to achieve local privilege escalation. Racing a io_uring cancel poll request with a linked timeout can cause a UAF in a hrtimer. We recommend upgrading past commit ef7dfac51d8ed961b742218f526bd589f3900a59 (4716c73b188566865bdd79c3a6709696a224ac04 for 5.10 stable and 0e388fce7aec40992eadee654193cad345d62663 for 5.15 stable).7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3389
CVE-2023-3390A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3390
CVE-2023-31248Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31248
CVE-2023-35001Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35001
CVE-2023-30431IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 db2set is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow the buffer and execute arbitrary code. IBM X-Force ID: 252184.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30431
CVE-2023-3269A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3269
CVE-2023-32046Windows MSHTML Platform Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32046
CVE-2023-37274Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. When Auto-GPT is executed directly on the host system via the provided run.sh or run.bat files, custom Python code execution is sandboxed using a temporary dedicated docker container which should not have access to any files outside of the Auto-GPT workspace directory. Before v0.4.3, the `execute_python_code` command (introduced in v0.4.1) does not sanitize the `basename` arg before writing LLM-supplied code to a file with an LLM-supplied name. This allows for a path traversal attack that can overwrite any .py file outside the workspace directory by specifying a `basename` such as `../../../main.py`. This can further be abused to achieve arbitrary code execution on the host running Auto-GPT by e.g. overwriting autogpt/main.py which will be executed outside of the docker environment meant to sandbox custom python code execution the next time Auto-GPT is started. The issue has been patched in version 0.4.3. As a workaround, the risk introduced by this vulnerability can be remediated by running Auto-GPT in a virtual machine, or another environment in which damage to files or corruption of the program is not a critical problem.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37274
CVE-2023-3513Improper Privilege Control in RazerCentralService Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and triggering an insecure .NET deserialization.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3513
CVE-2023-3514Improper Privilege Control in RazerCentralService Named Pipe in Razer RazerCentral <=7.11.0.558 on Windows allows a malicious actor with local access to gain SYSTEM privilege via communicating with the named pipe as a low-privilege user and calling "AddModule" or "UninstallModules" command to execute arbitrary executable file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3514
CVE-2023-35692In getLocationCache of GeoLocation.java, there is a possible way to send a mock location during an emergency call due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35692
CVE-2023-36887Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36887
CVE-2023-30988The IBM i 7.2, 7.3, 7.4, and 7.5 product Facsimile Support for i contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 254016.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30988
CVE-2023-30989IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain all object access to the host operating system. IBM X-Force ID: 254017.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30989
CVE-2023-37476OpenRefine is a free, open source tool for data processing. A carefully crafted malicious OpenRefine project tar file can be used to trigger arbitrary code execution in the context of the OpenRefine process if a user can be convinced to import it. The vulnerability exists in all versions of OpenRefine up to and including 3.7.3. Users should update to OpenRefine 3.7.4 as soon as possible. Users unable to upgrade should only import OpenRefine projects from trusted sources.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-37476
CVE-2020-36695Incorrect Default Permissions vulnerability in Hitachi Device Manager on Linux (Device Manager Server component), Hitachi Tiered Storage Manager on Linux, Hitachi Replication Manager on Linux, Hitachi Tuning Manager on Linux (Hitachi Tuning Manager server, Hitachi Tuning Manager - Agent for RAID, Hitachi Tuning Manager - Agent for NAS components), Hitachi Compute Systems Manager on Linux allows File Manipulation. This issue affects Hitachi Device Manager: before 8.8.5-02; Hitachi Tiered Storage Manager: before 8.8.5-02; Hitachi Replication Manager: before 8.8.5-02; Hitachi Tuning Manager: before 8.8.5-02; Hitachi Compute Systems Manager: before 8.8.3-08.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-36695
CVE-2021-34119A flaw was discovered in htmldoc 1.9.12 in function parse_paragraph in ps-pdf.cxx; this flaw possibly allows code execution and a denial of service via a crafted file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34119
CVE-2021-34121An Out of Bounds flaw was discovered in htmldoc 1.9.12 in function parse_tree() in toc.cxx, this possibly leads to memory layout information leaking in the data. This might be used in a chain of vulnerability in order to reach code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-34121
CVE-2022-33064An off-by-one error in function wav_read_header in src/wav.c in Libsndfile 1.1.0, results in a write out of bound, which allows an attacker to execute arbitrary code, Denial of Service or other unspecified impacts.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33064
CVE-2022-33065Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-33065
CVE-2023-30906The vulnerability could be locally exploited to allow escalation of privilege.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-30906
CVE-2023-22023Vulnerability in the Oracle Solaris product of Oracle Systems (component: Device Driver Interface). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. Note: CVE-2023-22023 is equivalent to CVE-2023-31284. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).7.8https://nvd.nist.gov/vuln/detail/CVE-2023-22023
CVE-2022-43910IBM Security Guardium 11.3 could allow a local user to escalate their privileges due to improper permission controls. IBM X-Force ID: 240908.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43910
CVE-2023-32664A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. A specially-crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32664
CVE-2023-34394In Keysight Geolocation Server v2.4.2 and prior, an attacker could upload a specially crafted malicious file or delete any file or directory with SYSTEM privileges due to an improper path validation, which could result in local privilege escalation or a denial-of-service condition.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-34394
CVE-2023-36853In Keysight Geolocation Server v2.4.2 and prior, a low privileged attacker could create a local ZIP file containing a malicious script in any location. The attacker could abuse this to load a DLL with SYSTEM privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36853
CVE-2022-28735The GRUB2's shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems. Allowing such files to be loaded may lead to unverified code and modules to be loaded in GRUB2 breaking the secure boot trust-chain.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28735
CVE-2022-28736There's a use-after-free vulnerability in grub_cmd_chainloader() function; The chainloader command is used to boot up operating systems that don't support multiboot and do not have direct support from GRUB2. When executing chainloader more than once a use-after-free vulnerability is triggered. If an attacker can control the GRUB2's memory allocation pattern sensitive data may be exposed and arbitrary code execution can be achieved.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28736
CVE-2022-28737There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables; The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bound writes into memory. Arbitrary code execution is not discarded in such scenario.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28737
CVE-2021-39822Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious BMP file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-39822
CVE-2023-28728A stack-based buffer overflow in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28728
CVE-2023-28729A type confusion vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28729
CVE-2023-28730A memory corruption vulnerability in Panasonic Control FPWIN Pro versions 7.6.0.3 and all previous versions may allow arbitrary code execution when opening specially crafted project files.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28730
CVE-2022-37331An out-of-bounds write vulnerability exists in the Gaussian format orientation functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-37331
CVE-2022-41793An out-of-bounds write vulnerability exists in the CSR format title functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-41793
CVE-2022-42885A use of uninitialized pointer vulnerability exists in the GRO format res functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42885
CVE-2022-43467An out-of-bounds write vulnerability exists in the PQS format coord_file functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43467
CVE-2022-43607An out-of-bounds write vulnerability exists in the MOL2 format attribute and value functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-43607
CVE-2022-44451A use of uninitialized pointer vulnerability exists in the MSI format atom functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-44451
CVE-2022-46280A use of uninitialized pointer vulnerability exists in the PQS format pFormat functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46280
CVE-2022-46289Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. nAtoms calculation wrap-around, leading to a small buffer allocation7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46289
CVE-2022-46290Multiple out-of-bounds write vulnerabilities exist in the ORCA format nAtoms functionality of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. The loop that stores the coordinates does not check its index against nAtoms7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46290
CVE-2022-46291Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MSI file format7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46291
CVE-2022-46292Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MOPAC file format, inside the Unit Cell Translation section7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46292
CVE-2022-46293Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MOPAC file format, inside the Final Point and Derivatives section7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46293
CVE-2022-46294Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the MOPAC Cartesian file format7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46294
CVE-2022-46295Multiple out-of-bounds write vulnerabilities exist in the translationVectors parsing functionality in multiple supported formats of Open Babel 3.1.1 and master commit 530dbfa3. A specially-crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. This vulnerability affects the Gaussian file format7.8https://nvd.nist.gov/vuln/detail/CVE-2022-46295
CVE-2023-3609A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3609
CVE-2023-3610A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3610
CVE-2023-3611An out-of-bounds write vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation. The qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks. We recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3611
CVE-2023-3776A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability. We recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3776
CVE-2023-3842A vulnerability was found in Pointware EasyInventory 1.0.12.0 and classified as critical. This issue affects some unknown processing of the file C:\Program Files (x86)\EasyInventory\Easy2W.exe. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-235193 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3842
CVE-2023-28133Local privilege escalation in Check Point Endpoint Security Client (version E87.30) via crafted OpenSSL configuration file7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28133
CVE-2023-1386A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. When a local user in the guest writes an executable file with SUID or SGID, none of these privileged bits are correctly dropped. As a result, in rare circumstances, this flaw could be used by malicious users in the guest to elevate their privileges within the guest and help a host local user to elevate privileges on the host.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1386
CVE-2023-26078Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26078
CVE-2023-26077Atera Agent through 1.8.3.6 on Windows Creates a Temporary File in a Directory with Insecure Permissions.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26077
CVE-2023-38410The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A user may be able to elevate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38410
CVE-2023-32418The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32418
CVE-2023-32441The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32441
CVE-2021-40463Windows Network Address Translation (NAT) Denial of Service Vulnerability7.7https://nvd.nist.gov/vuln/detail/CVE-2021-40463
CVE-2021-31948Microsoft SharePoint Server Spoofing Vulnerability7.6https://nvd.nist.gov/vuln/detail/CVE-2021-31948
CVE-2021-31950Microsoft SharePoint Server Spoofing Vulnerability7.6https://nvd.nist.gov/vuln/detail/CVE-2021-31950
CVE-2021-31964Microsoft SharePoint Server Spoofing Vulnerability7.6https://nvd.nist.gov/vuln/detail/CVE-2021-31964
CVE-2021-40483Microsoft SharePoint Server Spoofing Vulnerability7.6https://nvd.nist.gov/vuln/detail/CVE-2021-40483
CVE-2021-40484Microsoft SharePoint Server Spoofing Vulnerability7.6https://nvd.nist.gov/vuln/detail/CVE-2021-40484
CVE-2023-2760An SQL injection vulnerability exists in TapHome core HandleMessageUpdateDevicePropertiesRequest function before version 2023.2, allowing low privileged users to inject arbitrary SQL directives into an SQL query and execute arbitrary SQL commands and get full reading access. This may also lead to limited write access and temporary Denial-of-Service.7.6https://nvd.nist.gov/vuln/detail/CVE-2023-2760
CVE-2023-22060Vulnerability in the Oracle Hyperion Workspace product of Oracle Hyperion (component: UI and Visualization). The supported version that is affected is 11.2.13.0.000. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hyperion Workspace. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Workspace accessible data as well as unauthorized access to critical data or complete access to all Oracle Hyperion Workspace accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hyperion Workspace. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).7.6https://nvd.nist.gov/vuln/detail/CVE-2023-22060
CVE-2021-31958Windows NTLM Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31958
CVE-2021-31968Windows Remote Desktop Services Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31968
CVE-2021-31974Server for NFS Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31974
CVE-2021-31975Server for NFS Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31975
CVE-2021-31976Server for NFS Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31976
CVE-2021-34453Microsoft Exchange Server Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-34453
CVE-2021-36953Windows TCP/IP Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-36953
CVE-2021-40476Windows AppContainer Elevation Of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2021-40476
CVE-2022-24795yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-24795
CVE-2022-26026A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to loss of communications. An attacker can send a network request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26026
CVE-2022-26043An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of a custom Security Group. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26043
CVE-2022-26067An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to arbitrary file read. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26067
CVE-2022-26077A cleartext transmission of sensitive information vulnerability exists in the OAS Engine configuration communications functionality of Open Automation Software OAS Platform V16.00.0112. A targeted network sniffing attack can lead to a disclosure of sensitive information. An attacker can sniff network traffic to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26077
CVE-2022-26303An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted series of network requests can lead to the creation of an OAS user account. An attacker can send a sequence of requests to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-26303
CVE-2022-27169An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality of Open Automation Software OAS Platform V16.00.0112. A specially-crafted network request can lead to a disclosure of sensitive information. An attacker can send a network request to trigger this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-27169
CVE-2022-21952A Missing Authentication for Critical Function vulnerability in spacewalk-java of SUSE Manager Server 4.1, SUSE Manager Server 4.2 allows remote attackers to easily exhaust available disk resources leading to DoS. This issue affects: SUSE Manager Server 4.1 spacewalk-java versions prior to 4.1.46. SUSE Manager Server 4.2 spacewalk-java versions prior to 4.2.37.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-21952
CVE-2023-23519A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Processing an image may lead to a denial-of-service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-23519
CVE-2023-23524A denial-of-service issue was addressed with improved input validation. This issue is fixed in tvOS 16.3.2, iOS 16.3.1 and iPadOS 16.3.1, watchOS 9.3.1, macOS Ventura 13.2.1. Processing a maliciously crafted certificate may lead to a denial-of-service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-23524
CVE-2023-27963The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27963
CVE-2023-2703Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2703
CVE-2023-24936.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24936
CVE-2023-3312A vulnerability was found in drivers/cpufreq/qcom-cpufreq-hw.c in cpufreq subsystem in the Linux Kernel. This flaw, during device unbind will lead to double release problem leading to denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3312
CVE-2023-32397A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32397
CVE-2022-29144Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2022-29144
CVE-2023-3338A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3338
CVE-2023-30442IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 federated server is vulnerable to a denial of service as the server may crash when using a specially crafted wrapper using certain options. IBM X-Force ID: 253202.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30442
CVE-2023-30445IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253357.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30445
CVE-2023-30446IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253361.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30446
CVE-2023-30447IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253436.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30447
CVE-2023-30448IBM DB2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query on certain tables. IBM X-Force ID: 253437.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30448
CVE-2023-30449IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. IBM X-Force ID: 253439.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30449
CVE-2023-3635GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3635
CVE-2023-38197An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38197
CVE-2023-35069Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Bullwark allows Path Traversal. This issue affects Bullwark: before BLW-2016E-960H.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35069
CVE-2023-37599An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37599
CVE-2023-38286Thymeleaf through 3.1.1.RELEASE, as used in spring-boot-admin (aka Spring Boot Admin) through 3.1.1 and other products, allows sandbox bypass via crafted HTML. This may be relevant for SSTI (Server Side Template Injection) and code execution in spring-boot-admin if MailNotifier is enabled and there is write access to environment variables via the UI.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38286
CVE-2023-36831An Improper Check or Handling of Exceptional Conditions vulnerability in the UTM (Unified Threat Management) Web-Filtering feature of Juniper Networks Junos OS on SRX Series causes a jbuf memory leak to occur when accessing certain websites, eventually leading to a Denial of Service (DoS) condition. Service restoration is only possible by rebooting the system. The jbuf memory leak only occurs in SSL Proxy and UTM Web-Filtering configurations. Other products, platforms, and configurations are not affected by this vulnerability. This issue affects Juniper Networks Junos OS on SRX Series: 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2. This issue does not affect Juniper Networks Junos OS versions prior to 22.2R2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36831
CVE-2023-36832An Improper Handling of Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS on MX Series allows an unauthenticated network-based attacker to send specific packets to an Aggregated Multiservices (AMS) interface on the device, causing the packet forwarding engine (PFE) to crash, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue is only triggered by packets destined to a local-interface via a service-interface (AMS). AMS is only supported on the MS-MPC, MS-MIC, and MX-SPC3 cards. This issue is not experienced on other types of interfaces or configurations. Additionally, transit traffic does not trigger this issue. This issue affects Juniper Networks Junos OS on MX Series: All versions prior to 19.1R3-S10; 19.2 versions prior to 19.2R3-S7; 19.3 versions prior to 19.3R3-S8; 19.4 versions prior to 19.4R3-S12; 20.2 versions prior to 20.2R3-S8; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S2; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2-S1, 22.3R3; 22.4 versions prior to 22.4R1-S2, 22.4R2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36832
CVE-2023-28985An Improper Validation of Syntactic Correctness of Input vulnerability in Intrusion Detection and Prevention (IDP) of Juniper Networks SRX Series and MX Series allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). Continued receipt of this specific packet will cause a sustained Denial of Service condition. On all SRX Series and MX Series platforms, where IDP is enabled and a specific malformed SSL packet is received, the SSL detector crashes leading to an FPC core. This issue affects Juniper Networks SRX Series and MX Series prior to SigPack 3598. In order to identify the current SigPack version, following command can be used: user@junos# show security idp security-package-version7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28985
CVE-2023-36835An Improper Check for Unusual or Exceptional Conditions vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX10000 Series allows a network based attacker to cause a Denial of Service (DoS). If a specific valid IP packet is received and that packet needs to be routed over a VXLAN tunnel, this will result in a PFE wedge condition due to which traffic gets impacted. As this is not a crash and restart scenario, this condition will persist until the system is rebooted to recover. This issue affects Juniper Networks Junos OS on QFX10000: 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S5; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S2, 22.3R2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36835
CVE-2023-37474Copyparty is a portable file server. Versions prior to 1.8.2 are subject to a path traversal vulnerability detected in the `.cpr` subfolder. The Path Traversal attack technique allows an attacker access to files, directories, and commands that reside outside the web document root directory. This issue has been addressed in commit `043e3c7d` which has been included in release 1.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37474
CVE-2023-38325The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38325
CVE-2023-3633An out-of-bounds write vulnerability in Bitdefender Engines on Windows causes the engine to crash. This issue affects Bitdefender Engines version 7.94791 and lower.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3633
CVE-2023-37464OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37464
CVE-2023-36818Discourse is an open source discussion platform. In affected versions a request to create or update custom sidebar section can cause a denial of service. This issue has been patched in commit `52b003d915`. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36818
CVE-2023-38337rswag before 2.10.1 allows remote attackers to read arbitrary JSON and YAML files via directory traversal, because rswag-api can expose a file that is not the OpenAPI (or Swagger) specification file of a project.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38337
CVE-2023-2268Plane version 0.7.1 allows an unauthenticated attacker to view all stored server files of all users.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2268
CVE-2021-31294Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-31294
CVE-2023-38379The web interface on the RIGOL MSO5000 digital oscilloscope with firmware 00.01.03.00.03 allows remote attackers to change the admin password via a zero-length pass0 to the webcontrol changepwd.cgi application, i.e., the entered password only needs to match the first zero characters of the saved password.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38379
CVE-2022-4952A vulnerability has been found in OmniSharp csharp-language-server-protocol up to 0.19.6 and classified as problematic. This vulnerability affects the function CreateSerializerSettings of the file src/JsonRpc/Serialization/SerializerBase.cs of the component JSON Serializer. The manipulation leads to resource consumption. Upgrading to version 0.19.7 is able to address this issue. The patch is identified as 7fd2219f194a9ef2a8901bb131c5fa12272305ce. It is recommended to upgrade the affected component. VDB-234238 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4952
CVE-2023-2912Use After Free vulnerability in Secomea SiteManager Embedded allows Obstruction.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2912
CVE-2023-2959Authentication Bypass by Primary Weakness vulnerability in Oliva Expertise Oliva Expertise EKS allows Collect Data as Provided by Users. This issue affects Oliva Expertise EKS: before 1.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2959
CVE-2023-3590Mattermost fails to delete card attachments in Boards, allowing an attacker to access deleted attachments.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3590
CVE-2021-37386Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-37386
CVE-2023-34669TOTOLINK CP300+ V5.2cu.7594 contains a Denial of Service vulnerability in function RebootSystem of the file lib/cste_modules/system which can reboot the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34669
CVE-2023-37475Hamba avro is a go lang encoder/decoder implementation of the avro codec specification. In affected versions a well-crafted string passed to avro's `github.com/hamba/avro/v2.Unmarshal()` can throw a `fatal error: runtime: out of memory` which is unrecoverable and can cause denial of service of the consumer of avro. The root cause of the issue is that avro uses part of the input to `Unmarshal()` to determine the size when creating a new slice and hence an attacker may consume arbitrary amounts of memory which in turn may cause the application to crash. This issue has been addressed in commit `b4a402f4` which has been included in release version `2.13.0`. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37475
CVE-2023-38405On Crestron 3-Series Control Systems before 1.8001.0187, crafting and sending a specific BACnet packet can cause a crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38405
CVE-2023-37479Open Enclave is a hardware-agnostic open source library for developing applications that utilize Hardware-based Trusted Execution Environments, also known as Enclaves. There are two issues that are mitigated in version 0.19.3. First, Open Enclave SDK does not properly sanitize the `MXCSR` register on enclave entry. This makes applications vulnerable to MXCSR Configuration Dependent Timing (MCDT) attacks, where incorrect `MXCSR` values can impact instruction retirement by at most one cycle, depending on the (secret) data operand value. Please find more details in the guidance from Intel in the references. Second, Open Enclave SDK does not sanitize x86's alignment check flag `RFLAGS.AC` on enclave entry. This opens up the possibility for a side-channel attacker to be notified for every unaligned memory access performed by the enclave. The issue has been addressed in version 0.19.3 and the current master branch. Users will need to recompile their applications against the patched libraries to be protected from this vulnerability. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37479
CVE-2023-31998A heap overflow vulnerability found in EdgeRouters and Aircubes allows a malicious actor to interrupt UPnP service to said devices.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31998
CVE-2023-34142Cleartext Transmission of Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Server, Device Manager Agent, Host Data Collector components) allows Interception. This issue affects Hitachi Device Manager: before 8.8.5-02.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34142
CVE-2023-38434xHTTP 72f812d has a double free in close_connection in xhttp.c via a malformed HTTP request method.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38434
CVE-2023-3743Ap Page Builder, in versions lower than 1.7.8.2, could allow a remote attacker to send a specially crafted SQL query to the product_one_img parameter to retrieve the information stored in the database.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3743
CVE-2022-41409Integer overflow vulnerability in pcre2test before 10.41 allows attackers to cause a denial of service or other unspecified impacts via negative input.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-41409
CVE-2023-2263The Rockwell Automation Kinetix 5700 DC Bus Power Supply Series A is vulnerable to CIP fuzzing. The new ENIP connections cannot be established if impacted by this vulnerability, which prohibits operational capabilities of the device resulting in a denial-of-service attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2263
CVE-2021-4428A vulnerability has been found in what3words Autosuggest Plugin up to 4.0.0 on WordPress and classified as problematic. Affected by this vulnerability is the function enqueue_scripts of the file w3w-autosuggest/public/class-w3w-autosuggest-public.php of the component Setting Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 4.0.1 is able to address this issue. The patch is named dd59cbac5f86057d6a73b87007c08b8bfa0c32ac. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-234247.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-4428
CVE-2023-33871Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a directory traversal vulnerability that could allow an unauthenticated user to directly access any file outside the webroot.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33871
CVE-2023-38257Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference vulnerability that could allow an unauthenticated user to view profile information, including user login names and encrypted passwords.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38257
CVE-2023-28021The BigFix WebUI uses weak cipher suites.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28021
CVE-2023-30383TP-LINK Archer C50v2 Archer C50(US)_V2_160801, TP-LINK Archer C20v1 Archer_C20_V1_150707, and TP-LINK Archer C2v1 Archer_C2_US__V1_170228 were discovered to contain a buffer overflow which may lead to a Denial of Service (DoS) when parsing crafted data.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30383
CVE-2023-37758D-LINK DIR-815 v1.01 was discovered to contain a buffer overflow via the component /web/captcha.cgi.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37758
CVE-2023-37788goproxy v1.1 was discovered to contain an issue which can lead to a Denial of service (DoS) via unspecified vectors.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37788
CVE-2023-22047Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Portal). Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22047
CVE-2021-38933IBM Sterling Connect:Direct for UNIX 1.5 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 210574.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-38933
CVE-2023-26023Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26023
CVE-2023-26026Planning Analytics Cartridge for Cloud Pak for Data 4.0 exposes sensitive information in logs which could lead an attacker to exploit this vulnerability to conduct further attacks. IBM X-Force ID: 247896.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26026
CVE-2023-27877IBM Planning Analytics Cartridge for Cloud Pak for Data 4.0 connects to a CouchDB server. An attacker can exploit an insecure password policy to the CouchDB server and collect sensitive information from the database. IBM X-Force ID: 247905.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-27877
CVE-2023-28513IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.3 CD and IBM MQ Appliance 9.2 LTS, 9.3 LTS, 9.2 CD, and 9.2 LTS, under certain configurations, is vulnerable to a denial of service attack caused by an error processing messages. IBM X-Force ID: 250397.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28513
CVE-2023-3761A vulnerability was found in Intergard SGS 8.7.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Password Change Handler. The manipulation leads to cleartext transmission of sensitive information. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-234446 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3761
CVE-2023-3762A vulnerability was found in Intergard SGS 8.7.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to cleartext storage of sensitive information in memory. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-234447. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3762
CVE-2023-3763A vulnerability was found in Intergard SGS 8.7.0. It has been declared as problematic. This vulnerability affects unknown code of the component SQL Query Handler. The manipulation leads to cleartext transmission of sensitive information. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234448. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3763
CVE-2023-25838There is a SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-25838
CVE-2023-37276aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37276
CVE-2023-37899Feathersjs is a framework for creating web APIs and real-time applications with TypeScript or JavaScript. Feathers socket handler did not catch invalid string conversion errors like `const message = ${{ toString: '' }}` which would cause the NodeJS process to crash when sending an unexpected Socket.io message like `socket.emit('find', { toString: '' })`. A fix has been released in versions 5.0.8 and 4.5.18. Users are advised to upgrade. There is no known workaround for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37899
CVE-2023-32657Weintek Weincloud v0.13.6 could allow an attacker to efficiently develop a brute force attack on credentials with authentication hints from error message responses.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32657
CVE-2023-34429Weintek Weincloud v0.13.6 could allow an attacker to cause a denial-of-service condition for Weincloud by sending a forged JWT token.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34429
CVE-2023-37290InfoDoc Document On-line Submission and Approval System lacks sufficient restrictions on the available tags within its HTML to PDF conversion function, allowing unauthenticated attackers to load remote or local resources through HTML tags such as iframe. This vulnerability allows unauthenticated remote attackers to perform Server-Side Request Forgery (SSRF) attacks, gaining unauthorized access to arbitrary system files and uncovering the internal network topology.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37290
CVE-2022-2127An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-2127
CVE-2023-34966An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34966
CVE-2023-31461Attackers can exploit an open API listener on SteelSeries GG 36.0.0 to create a sub-application that will be executed automatically from a controlled location, because of a path traversal vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31461
CVE-2023-37601Office Suite Premium v10.9.1.42602 was discovered to contain a local file inclusion (LFI) vulnerability via the component /etc/hosts.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37601
CVE-2023-30200In the module “Image: WebP, Compress, Zoom, Lazy load, Alt & More” (ultimateimagetool) in versions up to 2.1.02 from Advanced Plugins for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30200
CVE-2023-37649Incorrect access control in the component /models/Content of Cockpit CMS v2.5.2 allows unauthorized attackers to access sensitive data.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37649
CVE-2023-3813The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file downloads in versions up to, and including, 2.5.0. This makes it possible for unauthenticated attackers to download the contents of arbitrary files on the server, which can contain sensitive information. This requires the premium version of the plugin to be activated.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3813
CVE-2023-36339An access control issue in WebBoss.io CMS v3.7.0.1 allows attackers to access the Website Backup Tool via a crafted GET request.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36339
CVE-2023-35077An out-of-bounds write vulnerability on windows operating systems causes the Ivanti AntiVirus Product to crash. Update to Ivanti AV Product version 7.9.1.285 or above.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35077
CVE-2023-37915OpenDDS is an open source C++ implementation of the Object Management Group (OMG) Data Distribution Service (DDS). OpenDDS crashes while parsing a malformed `PID_PROPERTY_LIST` in a DATA submessage during participant discovery. Attackers can remotely crash OpenDDS processes by sending a DATA submessage containing the malformed parameter to the known multicast port. This issue has been addressed in version 3.25. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37915
CVE-2023-37916KubePi is an open source Kubernetes management panel. The endpoint /kubepi/api/v1/users/search?pageNum=1&&pageSize=10 leaks the password hash of any user (including admin). A sufficiently motivated attacker may be able to crack leaked password hashes. This issue has been addressed in version 1.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37916
CVE-2023-37918Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could craft a request that is always allowed by the Dapr sidecar over HTTP, even if the `dapr-api-token` in the request is invalid or missing. The issue has been fixed in Dapr 1.10.9 or to 1.11.2. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37918
CVE-2023-38633A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38633
CVE-2023-3417Thunderbird allowed the Text Direction Override Unicode Character in filenames. An email attachment could be incorrectly shown as being a document file, while in fact it was an executable file. Newer versions of Thunderbird will strip the character and show the correct file extension. This vulnerability affects Thunderbird < 115.0.1 and Thunderbird < 102.13.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3417
CVE-2023-38200A flaw was found in Keylime. Due to their blocking nature, the Keylime registrar is subject to a remote denial of service against its SSL connections. This flaw allows an attacker to exhaust all available connections.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38200
CVE-2023-3324A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3324
CVE-2023-3871A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit_category.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235233 was assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3871
CVE-2023-3872A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. This vulnerability affects unknown code of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235234 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3872
CVE-2023-22363A stack-based buffer overflow in the Command Centre Server allows an attacker to cause a denial of service attack via assigning cardholders to an Access Group. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-22363
CVE-2023-3873A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235235.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3873
CVE-2023-3874A vulnerability, which was classified as critical, was found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235236.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3874
CVE-2023-3875A vulnerability has been found in Campcodes Beauty Salon Management System 0.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/del_feedback.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235237 was assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3875
CVE-2023-3876A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235238 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3876
CVE-2023-3877A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument cost leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235239.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3877
CVE-2023-3878A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagedes leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235240.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3878
CVE-2023-3879A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/del_category.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235241 was assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3879
CVE-2023-3880A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file /admin/del_service.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235242 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3880
CVE-2023-3881A vulnerability classified as critical was found in Campcodes Beauty Salon Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument contactno leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235243.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3881
CVE-2023-3882A vulnerability, which was classified as critical, has been found in Campcodes Beauty Salon Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-accepted-appointment.php. The manipulation of the argument contactno leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235244.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3882
CVE-2023-3486An authentication bypass exists in PaperCut NG versions 22.0.12 and prior that could allow a remote, unauthenticated attacker to upload arbitrary files to the PaperCut NG host’s file storage. This could exhaust system resources and prevent the service from operating as expected.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3486
CVE-2023-39174In JetBrains TeamCity before 2023.05.2 a ReDoS attack was possible via integration with issue trackers.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39174
CVE-2022-46899An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Arbitrary File Upload. The BaseController class, that each of the service controllers derives from, allows for the upload of arbitrary files. If the HTTP request is a multipart/form-data POST request, any parameters with a filename entry will have their content written to a file in the Vocera upload-staging directory with the specified filename in the parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46899
CVE-2022-46901An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is an Access Control Violation for Database Operations. The Vocera Report Console contains a websocket interface that allows for the unauthenticated execution of various tasks and database functions. This includes system tasks, and backing up, loading, and clearing of the database.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46901
CVE-2023-38670Null pointer dereference in paddle.flip in PaddlePaddle before 2.5.0. This resulted in a runtime crash and denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38670
CVE-2023-38672FPE in paddle.trace in PaddlePaddle before 2.5.0. This flaw can cause a runtime crash and a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38672
CVE-2023-34358ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34358
CVE-2023-34359ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34359
CVE-2021-31949Microsoft Outlook Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2021-31949
CVE-2023-3670In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-3670
CVE-2021-31966Microsoft SharePoint Server Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2021-31966
CVE-2021-40469Windows DNS Server Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2021-40469
CVE-2023-3668Improper Encoding or Escaping of Output in GitHub repository froxlor/froxlor prior to 2.0.21.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3668
CVE-2023-3673SQL Injection in GitHub repository pimcore/pimcore prior to 10.5.24.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3673
CVE-2023-3692Unrestricted Upload of File with Dangerous Type in GitHub repository admidio/admidio prior to 4.2.10.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3692
CVE-2023-3459The Export and Import Users and Customers plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'hf_update_customer' function called via an AJAX action in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with shop manager-level permissions to change user passwords and potentially take over administrator accounts.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3459
CVE-2023-30799MikroTik RouterOS stable before 6.49.7 and long-term through 6.48.6 are vulnerable to a privilege escalation issue. A remote and authenticated attacker can escalate privileges from admin to super-admin on the Winbox or HTTP interface. The attacker can abuse this vulnerability to execute arbitrary code on the system.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-30799
CVE-2023-3820SQL Injection in GitHub repository pimcore/pimcore prior to 10.6.4.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3820
CVE-2023-3839A vulnerability, which was classified as problematic, has been found in DedeBIZ 6.2.10. Affected by this issue is some unknown functionality of the file /admin/sys_sql_query.php. The manipulation of the argument sqlquery leads to sql injection. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-235190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3839
CVE-2023-3852A vulnerability was found in OpenRapid RapidCMS up to 1.3.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/upload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 4dff387283060961c362d50105ff8da8ea40bcbe. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-235204.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3852
CVE-2023-38056Improper Neutralization of commands allowed to be executed via OTRS System Configuration e.g. SchedulerCronTaskModule using UnitTests modules allows any authenticated attacker with admin privileges local execution of Code. This issue affects OTRS: from 7.0.X before 7.0.45, from 8.0.X before 8.0.35; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-38056
CVE-2023-2761The User Activity Log WordPress plugin before 1.6.3 does not properly sanitise and escape the `txtsearch` parameter before using it in a SQL statement in some admin pages, leading to a SQL injection exploitable by high privilege users such as admin.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-2761
CVE-2023-23844The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23844
CVE-2021-26420Microsoft SharePoint Server Remote Code Execution Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2021-26420
CVE-2021-31963Microsoft SharePoint Server Remote Code Execution Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2021-31963
CVE-2021-40481Microsoft Office Visio Remote Code Execution Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2021-40481
CVE-2023-1380A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-1380
CVE-2023-27968A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-27968
CVE-2023-3141A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-3141
CVE-2023-3268An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-3268
CVE-2023-34241OpenPrinting CUPS is a standards-based, open source printing system for Linux and other Unix-like operating systems. Starting in version 2.0.0 and prior to version 2.4.6, CUPS logs data of free memory to the logging service AFTER the connection has been closed, when it should have logged the data right before. This is a use-after-free bug that impacts the entire cupsd process. The exact cause of this issue is the function `httpClose(con->http)` being called in `scheduler/client.c`. The problem is that httpClose always, provided its argument is not null, frees the pointer at the end of the call, only for cupsdLogClient to pass the pointer to httpGetHostname. This issue happens in function `cupsdAcceptClient` if LogLevel is warn or higher and in two scenarios: there is a double-lookup for the IP Address (HostNameLookups Double is set in `cupsd.conf`) which fails to resolve, or if CUPS is compiled with TCP wrappers and the connection is refused by rules from `/etc/hosts.allow` and `/etc/hosts.deny`. Version 2.4.6 has a patch for this issue.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-34241
CVE-2023-32357An authorization issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to retain access to system configuration files even after its permission is revoked.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-32357
CVE-2023-32420An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to cause unexpected system termination or read kernel memory.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-32420
CVE-2020-23909Heap-based buffer over-read in function png_convert_4 in file pngex.cc in AdvanceMAME through 2.1.7.1https://nvd.nist.gov/vuln/detail/CVE-2020-23909
CVE-2020-29369An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.7https://nvd.nist.gov/vuln/detail/CVE-2020-29369
CVE-2021-23133A race condition in Linux kernel SCTP sockets (net/sctp/socket.c) before 5.12-rc8 can lead to kernel privilege escalation from the context of a network service or an unprivileged process. If sctp_destroy_sock is called without sock_net(sk)->sctp.addr_wq_lock then an element is removed from the auto_asconf_splist list without any proper locking. This can be exploited by an attacker with network service privileges to escalate to root or from the context of an unprivileged user directly if a BPF_CGROUP_INET_SOCK_CREATE is attached which denies creation of some SCTP socket.7https://nvd.nist.gov/vuln/detail/CVE-2021-23133
CVE-2020-25668A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op.7https://nvd.nist.gov/vuln/detail/CVE-2020-25668
CVE-2021-26442Windows HTTP.sys Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2021-26442
CVE-2021-41334Windows Desktop Bridge Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2021-41334
CVE-2023-35823An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35823
CVE-2023-35824An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35824
CVE-2023-35828An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35828
CVE-2023-32413A race condition was addressed with improved state handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to gain root privileges.7https://nvd.nist.gov/vuln/detail/CVE-2023-32413
CVE-2023-1295A time-of-check to time-of-use issue exists in io_uring subsystem's IORING_OP_CLOSE operation in the Linux kernel's versions 5.6 - 5.11 (inclusive), which allows a local user to elevate their privileges to root. Introduced in b5dba59e0cf7e2cc4d3b3b1ac5fe81ddf21959eb, patched in 9eac1904d3364254d622bf2c771c4f85cd435fc2, backported to stable in 788d0824269bef539fe31a785b1517882eafed93.7https://nvd.nist.gov/vuln/detail/CVE-2023-1295
CVE-2023-25839There is a SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.7https://nvd.nist.gov/vuln/detail/CVE-2023-25839
CVE-2022-21951A Cleartext Transmission of Sensitive Information vulnerability in SUSE Rancher, Rancher allows attackers on the network to read and change network data due to missing encryption of data transmitted via the network when a cluster is created from an RKE template with the CNI value overridden. This issue affects: SUSE Rancher Rancher versions prior to 2.5.14; Rancher versions prior to 2.6.5.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-21951
CVE-2023-2002A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hci_sock.c in the Linux Kernel. This flaw allows an attacker unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth communication.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-2002
CVE-2023-35818An issue was discovered on Espressif ESP32 3.0 (ESP32_rev300 ROM) devices. An EMFI attack on ECO3 provides the attacker with a capability to influence the PC value at the CPU context level, regardless of Secure Boot and Flash Encryption status. By using this capability, the attacker can exploit another behavior in the chip to gain unauthorized access to the ROM download mode. Access to ROM download mode may be further exploited to read the encrypted flash content in cleartext format or execute stub code.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-35818
CVE-2023-3527A CSV injection vulnerability was found in the Avaya Call Management System (CMS) Supervisor web application which allows a user with administrative privileges to input crafted data which, when exported to a CSV file, may attempt arbitrary command execution on the system used to open the file by a spreadsheet software such as Microsoft Excel.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-3527
CVE-2023-3786A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-3786
CVE-2020-27777A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-27777
CVE-2020-36158mwifiex_cmd_802_11_ad_hoc_start in drivers/net/wireless/marvell/mwifiex/join.c in the Linux kernel through 5.10.4 might allow remote attackers to execute arbitrary code via a long SSID value, aka CID-5c455c5ab332.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-36158
CVE-2020-35499A NULL pointer dereference flaw in Linux kernel versions prior to 5.11 may be seen if the sco_sock_getsockopt function in net/bluetooth/sco.c does not have a sanity check for a socket connection, when using BT_SNDMTU/BT_RCVMTU for SCO sockets. This could allow a local attacker with a special user privilege to crash the system (DOS) or leak kernel internal information.6.7https://nvd.nist.gov/vuln/detail/CVE-2020-35499
CVE-2021-20292There is a flaw reported in the Linux kernel in versions before 5.9 in drivers/gpu/drm/nouveau/nouveau_sgdma.c in nouveau_sgdma_create_ttm in Nouveau DRM subsystem. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker with a local account with a root privilege, can leverage this vulnerability to escalate privileges and execute code in the context of the kernel.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-20292
CVE-2023-27933The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app with root privileges may be able to execute arbitrary code with kernel privileges.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-27933
CVE-2023-35012IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 with a Federated configuration is vulnerable to a stack-based buffer overflow, caused by improper bounds checking. A local user with SYSADM privileges could overflow the buffer and execute arbitrary code on the system. IBM X-Force ID: 257763.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-35012
CVE-2021-43072A buffer copy without checking size of input ('classic buffer overflow') in Fortinet FortiAnalyzer version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiManager version 7.0.2 and below, version 6.4.7 and below, version 6.2.9 and below, version 6.0.11 and below, version 5.6.11 and below, FortiOS version 7.0.0 through 7.0.4, 6.4.0 through 6.4.8, 6.2.0 through 6.2.10, 6.0.x and FortiProxy version 7.0.0 through 7.0.3, 2.0.0 through 2.0.8, 1.2.x, 1.1.x and 1.0.x allows attacker to execute unauthorized code or commands via crafted CLI `execute restore image` and `execute certificate remote` operations with the tFTP protocol.6.7https://nvd.nist.gov/vuln/detail/CVE-2021-43072
CVE-2023-33144Visual Studio Code Spoofing Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2023-33144
CVE-2023-3800A vulnerability was found in EasyAdmin8 2.0.2.2. It has been classified as problematic. Affected is an unknown function of the file /admin/index/index.html#/admin/mall.goods/index.html of the component File Upload Module. The manipulation leads to unrestricted upload. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235068. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.6https://nvd.nist.gov/vuln/detail/CVE-2023-3800
CVE-2021-40460Windows Remote Procedure Call Runtime Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-40460
CVE-2021-41332Windows Print Spooler Information Disclosure Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41332
CVE-2021-41350Microsoft Exchange Server Spoofing Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-41350
CVE-2023-23512The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. Visiting a website may lead to an app denial-of-service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23512
CVE-2023-30456An issue was discovered in arch/x86/kvm/vmx/nested.c in the Linux kernel before 6.2.8. nVMX on x86_64 lacks consistency checks for CR0 and CR4.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-30456
CVE-2023-23528An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 16.4, iOS 16.4 and iPadOS 16.4. Processing a maliciously crafted Bluetooth packet may result in disclosure of process memory.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23528
CVE-2023-27954The issue was addressed by removing origin information. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. A website may be able to track sensitive user information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27954
CVE-2023-28180A denial-of-service issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. A user in a privileged network position may be able to cause a denial-of-service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28180
CVE-2023-28182The issue was addressed with improved authentication. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. A user in a privileged network position may be able to spoof a VPN server that is configured with EAP-only authentication on a device.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28182
CVE-2023-2886Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2886
CVE-2023-33460There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-33460
CVE-2023-3316A NULL pointer dereference in TIFFClose() is caused by a failure to open an output file (non-existent path or a path that requires permissions like /dev/null) while specifying zones.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3316
CVE-2023-28204An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information. Apple is aware of a report that this issue may have been actively exploited.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28204
CVE-2023-32402An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32402
CVE-2023-32423A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, Safari 16.5, iOS 16.5 and iPadOS 16.5. Processing web content may disclose sensitive information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32423
CVE-2023-29256IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to an information disclosure due to improper privilege management when certain federation features are used. IBM X-Force ID: 252046.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-29256
CVE-2023-36543Apache Airflow, versions before 2.6.3, has a vulnerability where an authenticated user can use crafted input to make the current request hang. It is recommended to upgrade to a version that is not affected6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36543
CVE-2023-3618A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3618
CVE-2023-37849A DLL hijacking vulnerability in Panda Security VPN for Windows prior to version v15.14.8 allows attackers to execute arbitrary code via placing a crafted DLL file in the same directory as PANDAVPN.exe.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37849
CVE-2023-37836libjpeg commit db33a6e was discovered to contain a reachable assertion via BitMapHook::BitMapHook at bitmaphook.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37836
CVE-2023-37837libjpeg commit db33a6e was discovered to contain a heap buffer overflow via LineBitmapRequester::EncodeRegion at linebitmaprequester.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted file.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37837
CVE-2023-36833A Use After Free vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS Evolved on PTX10001-36MR, and PTX10004, PTX10008, PTX10016 with LC1201/1202 allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). The process 'aftman-bt' will crash after multiple flaps on a multicast-only fast reroute (MoFRR) enabled interface. This will cause the respective FPC to stop forwarding traffic and it needs to be rebooted to restore the service. An indication that the system experienced this issue is the following log message: <date> <hostname> evo-aftmand-bt[<pid>]: [Error] jexpr_fdb: sanity check failed, ... , app_name L3 Mcast Routes. This issue affects Juniper Networks Junos OS Evolved on PTX10001-36MR, PTX10004, PTX10008, PTX10016 with LC1201/1202: 21.2 version 21.2R1-EVO and later versions; 21.3 version 21.3R1-EVO and later versions; 21.4 versions prior to 21.4R3-S3-EVO; 22.1 version 22.1R1-EVO and later versions; 22.2 versions prior to 22.2R3-S2-EVO; 22.3 versions prior to 22.3R3-EVO; 22.4 versions prior to 22.4R1-S2-EVO, 22.4R2-EVO.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36833
CVE-2023-32759An issue in Archer Platform before v.6.13 and fixed in 6.12.0.6 and 6.13.0 allows an authenticated attacker to obtain sensitive information via a crafted URL.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32759
CVE-2023-32760An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via API calls related to data feeds and data publication.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32760
CVE-2023-36834An Incomplete Internal State Distinction vulnerability in the packet forwarding engine (PFE) of Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series allows an adjacent attacker to cause a Denial of Service (DoS). If an SRX is configured in L2 transparent mode the receipt of a specific genuine packet can cause a single Packet Processing Engines (PPE) component of the PFE to run into a loop, which in turn will render the PPE unavailable. Each packet will cause one PPE to get into a loop, leading to a gradual performance degradation until all PPEs are unavailable and all traffic processing stops. To recover the affected FPC need to be restarted. This issue affects Juniper Networks Junos OS on SRX 4600 and SRX 5000 Series: 20.1 version 20.1R1 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S7; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S3; 21.4 versions prior to 21.4R3-S1; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R1-S1, 22.3R2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36834
CVE-2023-36848An Improper Handling of Undefined Values vulnerability in the periodic packet management daemon (PPMD) of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed CFM packet is received, it leads to an FPC crash. Continued receipt of these packets causes a sustained denial of service. This vulnerability occurs only when CFM has been configured on the interface. This issue affects Juniper Networks Junos OS: versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S8 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S5 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S4 on MX Series; 22.1 versions prior to 22.1R3-S3 on MX Series; 22.2 versions prior to 22.2R3-S1 on MX Series; 22.3 versions prior to 22.3R3 on MX Series; 22.4 versions prior to 22.4R1-S2, 22.4R2 on MX Series.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36848
CVE-2023-36849An Improper Check or Handling of Exceptional Conditions vulnerability in the Layer-2 control protocols daemon (l2cpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker to cause a Denial of Service (DoS). When a malformed LLDP packet is received, l2cpd will crash and restart. The impact of the l2cpd crash is reinitialization of STP protocols (RSTP, MSTP or VSTP), and MVRP and ERP. Also, if any services depend on LLDP state (like PoE or VoIP device recognition), then these will also be affected. Continued receipt of such packets will lead to a sustained Denial of Service. This issue affects Juniper Networks Junos OS: 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R2-S1, 22.2R3; 22.3 versions prior to 22.3R2. Juniper Networks Junos OS Evolved: 21.4-EVO versions prior to 21.4R3-S2-EVO; 22.1-EVO versions prior to 22.1R3-S3-EVO; 22.2-EVO versions prior to 22.2R2-S1-EVO, 22.2R3-EVO; 22.3-EVO versions prior to 22.3R2-EVO.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36849
CVE-2023-36850An Improper Validation of Specified Index, Position, or Offset in Input vulnerability in the Connectivity Fault Management (CFM) module of Juniper Networks Junos OS on MX Series (except MPC10, MPC11 and LC9600) allows an adjacent attacker on the local broadcast domain to cause a Denial of Service (DoS). Upon receiving a malformed CFM packet, the MPC crashes. Continued receipt of these packets causes a sustained denial of service. This issue can only be triggered when CFM hasn't been configured. This issue affects Juniper Networks Junos OS: All versions prior to 19.1R3-S10 on MX Series; 19.2 versions prior to 19.2R3-S7 on MX Series; 19.3 versions prior to 19.3R3-S8 on MX Series; 19.4 versions prior to 19.4R3-S12 on MX Series; 20.1 version 20.1R1 and later versions on MX Series; 20.2 versions prior to 20.2R3-S7 on MX Series; 20.3 version 20.3R1 and later versions on MX Series; 20.4 versions prior to 20.4R3-S7 on MX Series; 21.1 versions prior to 21.1R3-S5 on MX Series; 21.2 versions prior to 21.2R3-S4 on MX Series; 21.3 versions prior to 21.3R3-S4 on MX Series; 21.4 versions prior to 21.4R3-S3 on MX Series; 22.1 versions prior to 22.1R3-S2 on MX Series; 22.2 versions prior to 22.2R3 on MX Series; 22.3 versions prior to 22.3R2, 22.3R3 on MX Series; 22.4 versions prior to 22.4R2 on MX Series.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36850
CVE-2023-37472Knowage is an open source suite for business analytics. The application often use user supplied data to create HQL queries without prior sanitization. An attacker can create specially crafted HQL queries that will break subsequent SQL queries generated by the Hibernate engine. The endpoint `_/knowage/restful-services/2.0/documents/listDocument_` calls the `_countBIObjects_` method of the `_BIObjectDAOHibImpl_` object with the user supplied `_label_` parameter without prior sanitization. This can lead to SQL injection in the backing database. Other injections have been identified in the application as well. An authenticated attacker with low privileges could leverage this vulnerability in order to retrieve sensitive information from the database, such as account credentials or business information. This issue has been addressed in version 8.1.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37472
CVE-2023-34236Weave GitOps Terraform Controller (aka Weave TF-controller) is a controller for Flux to reconcile Terraform resources in a GitOps way. A vulnerability has been identified in Weave GitOps Terraform Controller which could allow an authenticated remote attacker to view sensitive information. This vulnerability stems from Weave GitOps Terraform Runners (`tf-runner`), where sensitive data is inadvertently printed - potentially revealing sensitive user data in their pod logs. In particular, functions `tfexec.ShowPlan`, `tfexec.ShowPlanRaw`, and `tfexec.Output` are implicated when the `tfexec` object set its `Stdout` and `Stderr` to be `os.Stdout` and `os.Stderr`. An unauthorized remote attacker could exploit this vulnerability by accessing these prints of sensitive information, which may contain configurations or tokens that could be used to gain unauthorized control or access to resources managed by the Terraform controller. A successful exploit could allow the attacker to utilize this sensitive data, potentially leading to unauthorized access or control of the system. This vulnerability has been addressed in Weave GitOps Terraform Controller versions `v0.14.4` and `v0.15.0-rc.5`. Users are urged to upgrade to one of these versions to mitigate the vulnerability. As a temporary measure until the patch can be applied, users can add the environment variable `DISABLE_TF_LOGS` to the tf-runners via the runner pod template of the Terraform Custom Resource. This will prevent the logging of sensitive information and mitigate the risk of this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34236
CVE-2023-3593Mattermost fails to properly validate markdown, allowing an attacker to crash the server via a specially crafted markdown input.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3593
CVE-2023-34140A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.36 Patch 2, USG FLEX series firmware versions 4.50 through 5.36 Patch 2, USG FLEX 50(W) series firmware versions 4.16 through 5.36 Patch 2, USG20(W)-VPN series firmware versions 4.16 through 5.36 Patch 2, VPN series firmware versions 4.30 through 5.36 Patch 2, NXC2500 firmware versions 6.10(AAIG.0) through 6.10(AAIG.3), and NXC5500 firmware versions 6.10(AAOS.0) through 6.10(AAOS.4), could allow an unauthenticated, LAN-based attacker to cause denial of service (DoS) conditions by sending a crafted request to the CAPWAP daemon.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-34140
CVE-2022-30858An issue was discovered in ngiflib 0.4. There is SEGV in SDL_LoadAnimatedGif when use SDLaffgif. poc : ./SDLaffgif CA_file2_06.5https://nvd.nist.gov/vuln/detail/CVE-2022-30858
CVE-2023-37769stress-test master commit e4c878 was discovered to contain a FPE vulnerability via the component combine_inner at /pixman-combine-float.c.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37769
CVE-2023-37781An issue in the emqx_sn plugin of EMQX v4.3.8 allows attackers to execute a directory traversal via uploading a crafted .txt file.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37781
CVE-2021-32256An issue was discovered in GNU libiberty, as distributed in GNU Binutils 2.36. It is a stack-overflow issue in demangle_type in rust-demangle.c.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-32256
CVE-2023-28023A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-28023
CVE-2023-2913An executable used in Rockwell Automation ThinManager ThinServer can be configured to enable an API feature in the HTTPS Server Settings. This feature is disabled by default. When the API is enabled and handling requests, a path traversal vulnerability exists that allows a remote actor to leverage the privileges of the server’s file system and read arbitrary files stored in it. A malicious user could exploit this vulnerability by executing a path that contains manipulating variables.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2913
CVE-2023-21994Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-21994
CVE-2023-22022Vulnerability in the Oracle Health Sciences Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Blinding Functionality). Supported versions that are affected are 3.1.0.2, 3.1.1.3 and 3.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Health Sciences Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22022
CVE-2023-22037Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: MS Excel Specific). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22037
CVE-2023-22040Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22040
CVE-2023-35898IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information due to an insecure security configuration in InfoSphere Data Flow Designer. IBM X-Force ID: 259352.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-35898
CVE-2022-43908IBM Security Guardium 11.3 could allow an authenticated user to cause a denial of service due to improper input validation. IBM X-Force ID: 240903.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43908
CVE-2023-3760A vulnerability has been found in Intergard SGS 8.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Change Password Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-234445 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3760
CVE-2023-32261A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/ 6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32261
CVE-2023-32262A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability allows attackers with Item/Configure permission to access and capture credentials they are not entitled to. See the following Jenkins security advisory for details: https://www.jenkins.io/security/advisory/2023-06-14/ 6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32262
CVE-2023-32481Wyse Management Suite versions prior to 4.0 contain a denial-of-service vulnerability. An authenticated malicious user can flood the configured SMTP server with numerous requests in order to deny access to the system.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32481
CVE-2023-32265A potential security vulnerability has been identified in the Enterprise Server Common Web Administration (ESCWA) component used in Enterprise Server, Enterprise Test Server, Enterprise Developer, Visual COBOL, and COBOL Server. An attacker would need to be authenticated into ESCWA to attempt to exploit this vulnerability. As described in the hardening guide in the product documentation, other mitigations including restricting network access to ESCWA and restricting users’ permissions in the Micro Focus Directory Server also reduce the exposure to this issue. Given the right conditions this vulnerability could be exploited to expose a service account password. The account corresponding to the exposed credentials usually has limited privileges and, in many cases would only be useful for extracting details of other user accounts and similar information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-32265
CVE-2023-38334Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis libraries can be unlocked, and thus further analyzed and modified by Omnis Studio. This allows for further analyzing and also deleting, viewing, changing, copying, renaming, duplicating, or printing previously locked Omnis classes. This violates the expected behavior of an "irreversible operation."6.5https://nvd.nist.gov/vuln/detail/CVE-2023-38334
CVE-2023-3792A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/test_status.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3792
CVE-2020-24275A HTTP response header injection vulnerability in Swoole v4.5.2 allows attackers to execute arbitrary code via supplying a crafted URL.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-24275
CVE-2023-3484An issue has been discovered in GitLab EE affecting all versions starting from 12.8 before 15.11.11, all versions starting from 16.0 before 16.0.7, all versions starting from 16.1 before 16.1.2. An attacker could change the name or path of a public top-level group in certain situations.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3484
CVE-2023-3819Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository pimcore/pimcore prior to 10.6.4.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3819
CVE-2023-38187Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-38187
CVE-2023-3603A missing allocation check in sftp server processing read requests may cause a NULL dereference on low-memory conditions. The malicious client can request up to 4GB SFTP reads, causing allocation of up to 4GB buffers, which was not being checked for failure. This will likely crash the authenticated user's sftp server connection (if implemented as forking as recommended). For thread-based servers, this might also cause DoS for legitimate users. Given this code is not in any released versions, no security releases have been issued.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3603
CVE-2023-22428Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Command Centre: vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), vEL8.40 and prior.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22428
CVE-2023-3637An uncontrolled resource consumption flaw was found in openstack-neutron. This flaw allows a remote authenticated user to query a list of security groups for an invalid project. This issue creates resources that are unconstrained by the user's quota. If a malicious user were to submit a significant number of requests, this could lead to a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3637
CVE-2022-46900An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-46900
CVE-2023-37049emlog 2.1.9 is vulnerable to Arbitrary file deletion via admin\template.php.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37049
CVE-2023-39152Always-incorrect control flow implementation in Jenkins Gradle Plugin 2.8 may result in credentials not being masked (i.e., replaced with asterisks) in the build log in some circumstances.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39152
CVE-2023-39154Incorrect permission checks in Jenkins Qualys Web App Scanning Connector Plugin 2.0.10 and earlier allow attackers with global Item/Configure permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39154
CVE-2023-3414A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3414
CVE-2023-27945This issue was addressed with improved entitlements. This issue is fixed in Xcode 14.3, macOS Big Sur 11.7.7, macOS Monterey 12.6.6. A sandboxed app may be able to collect system logs.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-27945
CVE-2023-27966The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3. An app may be able to break out of its sandbox.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-27966
CVE-2023-27940The issue was addressed with additional permissions checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, macOS Ventura 13.4. A sandboxed app may be able to observe system-wide network connections.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-27940
CVE-2023-32371The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to break out of its sandbox.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-32371
CVE-2023-36888Microsoft Edge for Android (Chromium-based) Tampering Vulnerability6.3https://nvd.nist.gov/vuln/detail/CVE-2023-36888
CVE-2023-36675An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36675
CVE-2023-2507CleverTap Cordova Plugin version 2.6.2 allows a remote attacker to execute JavaScript code in any application that is opened via a specially constructed deeplink by an attacker. This is possible because the plugin does not correctly validate the data coming from the deeplinks before using them.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2507
CVE-2023-3691A vulnerability, which was classified as problematic, was found in layui up to v2.8.0-rc.16. This affects an unknown part of the component HTML Attribute Handler. The manipulation of the argument title leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.8.0 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-234237 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3691
CVE-2023-1893The Login Configurator WordPress plugin through 2.1 does not properly escape a URL parameter before outputting it to the page, leading to a reflected cross-site scripting vulnerability targeting site administrators.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1893
CVE-2023-2701The Gravity Forms WordPress plugin before 2.7.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high-privileged users such as admin.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2701
CVE-2023-2960Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliva Expertise Oliva Expertise EKS allows Cross-Site Scripting (XSS). This issue affects Oliva Expertise EKS: before 1.2.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2960
CVE-2023-31852Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in cgi-bin/luci/admin/network/wireless/config via the iface parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-31852
CVE-2023-3041The Autochat Automatic Conversation WordPress plugin through 1.1.7 does not sanitise and escape user input before outputting it back on the page, leading to a cross-site Scripting attack.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3041
CVE-2023-3182The Membership WordPress plugin before 3.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3182
CVE-2023-31851Cudy LT400 1.13.4 has a cross-site scripting (XSS) vulnerability in /cgi-bin/luci/admin/network/wireless/status via the iface parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-31851
CVE-2023-31853Cudy LT400 1.13.4 is vulnerable to Cross Site Scripting (XSS) in /cgi-bin/luci/admin/network/bandwidth via the icon parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-31853
CVE-2023-3708Several themes for WordPress by DeoThemes are vulnerable to Reflected Cross-Site Scripting via breadcrumbs in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3708
CVE-2023-32965Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CRUDLab Jazz Popups plugin <= 1.8.7 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-32965
CVE-2023-36384Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodePeople Booking Calendar Contact Form plugin <= 1.2.40 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36384
CVE-2023-33231XSS attack was possible in DPA 2023.2 due to insufficient input validation6.1https://nvd.nist.gov/vuln/detail/CVE-2023-33231
CVE-2023-33312Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wppal Easy Captcha plugin <= 1.0 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-33312
CVE-2023-28020URL redirection in Login page in HCL BigFix WebUI allows malicious user to redirect the client browser to an external site via redirect URL response header.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28020
CVE-2023-22035Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22035
CVE-2023-22042Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Diagnostics). Supported versions that are affected are 12.2.3-12.3.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22042
CVE-2023-22055Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in JD Edwards EnterpriseOne Tools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Tools accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).6.1https://nvd.nist.gov/vuln/detail/CVE-2023-22055
CVE-2023-3752A vulnerability was found in Creativeitem Academy LMS 5.15. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home/courses. The manipulation of the argument sort_by leads to cross site scripting. The attack may be launched remotely. VDB-234422 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3752
CVE-2023-3753A vulnerability classified as problematic has been found in Creativeitem Mastery LMS 1.2. This affects an unknown part of the file /browse. The manipulation of the argument search/featured/recommended/skill leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234423. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3753
CVE-2023-3754A vulnerability, which was classified as problematic, was found in Creativeitem Ekushey Project Manager CRM 5.0. Affected is an unknown function of the file /index.php/client/message/message_read/xxxxxxxx[random-msg-hash]. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-234426 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3754
CVE-2023-3755A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filter_listings. The manipulation of the argument price-range leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234427. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3755
CVE-2023-3756A vulnerability was found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this issue is some unknown functionality of the file /home/search. The manipulation of the argument search_string leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-234428. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3756
CVE-2023-3757A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument first_name/second_name/phone/address_1/country leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234432. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3757
CVE-2023-37733An arbitrary file upload vulnerability in tduck-platform v4.0 allows attackers to execute arbitrary code via a crafted HTML file.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37733
CVE-2023-3466Reflected Cross-Site Scripting (XSS)6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3466
CVE-2023-3789A vulnerability, which was classified as problematic, was found in PaulPrinting CMS 2018. Affected is an unknown function of the file /account/delivery of the component Search. The manipulation of the argument s leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235056.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3789
CVE-2023-37728Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the color parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37728
CVE-2023-37164Diafan CMS v6.0 was discovered to contain a reflected cross-site scripting via the cat_id parameter at /shop/?module=shop&action=search.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37164
CVE-2023-37600Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the id parameter at /api?path=profile.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37600
CVE-2023-37602An arbitrary file upload vulnerability in the component /workplace#!explorer of Alkacon OpenCMS v15.0 allows attackers to execute arbitrary code via uploading a crafted PNG file.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37602
CVE-2023-38617Office Suite Premium Version v10.9.1.42602 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the filter parameter at /api?path=files.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-38617
CVE-2021-39425SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-39425
CVE-2023-3794A vulnerability classified as problematic has been found in Bug Finder ChainCity Real Estate Investment Platform 1.0. Affected is an unknown function of the file /chaincity/user/ticket/create of the component New Ticket Handler. The manipulation of the argument subject leads to cross site scripting. It is possible to launch the attack remotely. VDB-235062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3794
CVE-2023-3815A vulnerability, which was classified as problematic, has been found in y_project RuoYi up to 4.7.7. Affected by this issue is the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be launched remotely. VDB-235118 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3815
CVE-2023-3822Cross-site Scripting (XSS) - Reflected in GitHub repository pimcore/pimcore prior to 10.6.4.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3822
CVE-2023-37742WebBoss.io CMS before v3.7.0.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37742
CVE-2023-25841There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-25841
CVE-2023-37905ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37905
CVE-2023-3827A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /listplace/user/ticket/create of the component HTTP POST Request Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235148. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3827
CVE-2023-3828A vulnerability was found in Bug Finder Listplace Directory Listing Platform 3.0. It has been classified as problematic. This affects an unknown part of the file /listplace/user/coverPhotoUpdate of the component Photo Handler. The manipulation of the argument user_cover_photo leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235149 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3828
CVE-2023-3829A vulnerability was found in Bug Finder ICOGenie 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /user/ticket/create of the component Support Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be initiated remotely. VDB-235150 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3829
CVE-2023-3830A vulnerability was found in Bug Finder SASS BILLER 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /company/store. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235151. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3830
CVE-2023-3832A vulnerability was found in Bug Finder Wedding Wonders 1.0. It has been classified as problematic. Affected is an unknown function of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to launch the attack remotely. VDB-235158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3832
CVE-2023-3833A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3833
CVE-2023-3834A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3834
CVE-2023-3835A vulnerability classified as problematic has been found in Bug Finder MineStack 1.0. This affects an unknown part of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235161 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3835
CVE-2023-3840A vulnerability, which was classified as problematic, was found in NxFilter 4.3.2.5. This affects an unknown part of the file /report,daily.jsp?stime=2023%2F07%2F12&timeOption=yesterday&. The manipulation of the argument user leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3840
CVE-2023-3843A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an unknown function of the file /matchmakings/question of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. VDB-235194 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3843
CVE-2023-3844A vulnerability was found in mooSocial mooDating 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /friends of the component URL Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235195. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3844
CVE-2023-3845A vulnerability was found in mooSocial mooDating 1.2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /friends/ajax_invite of the component URL Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235196. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3845
CVE-2023-3846A vulnerability classified as problematic has been found in mooSocial mooDating 1.2. This affects an unknown part of the file /pages of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235197 was assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3846
CVE-2023-3847A vulnerability classified as problematic was found in mooSocial mooDating 1.2. This vulnerability affects unknown code of the file /users of the component URL Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. VDB-235198 is the identifier assigned to this vulnerability. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3847
CVE-2023-3848A vulnerability, which was classified as problematic, has been found in mooSocial mooDating 1.2. This issue affects some unknown processing of the file /users/view of the component URL Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-235199. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3848
CVE-2023-3849A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235200. NOTE: We tried to contact the vendor early about the disclosure but the official mail address was not working properly.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3849
CVE-2023-3853A vulnerability was found in phpscriptpoint BloodBank 1.1. It has been rated as problematic. This issue affects some unknown processing of the file page.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235205 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3853
CVE-2023-3855A vulnerability classified as problematic was found in phpscriptpoint JobSeeker 1.5. Affected by this vulnerability is an unknown functionality of the file /search-result.php. The manipulation of the argument kw/lc/ct/cp/p leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235207. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3855
CVE-2023-3856A vulnerability, which was classified as problematic, has been found in phpscriptpoint Ecommerce 1.15. Affected by this issue is some unknown functionality of the file /blog-single.php. The manipulation of the argument slug leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235208. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3856
CVE-2023-3857A vulnerability, which was classified as problematic, was found in phpscriptpoint Ecommerce 1.15. This affects an unknown part of the file /product.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235209 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3857
CVE-2023-3858A vulnerability has been found in phpscriptpoint Car Listing 1.6 and classified as problematic. This vulnerability affects unknown code of the file /search.php. The manipulation of the argument country/state/city leads to cross site scripting. The attack can be initiated remotely. VDB-235210 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3858
CVE-2023-3860A vulnerability was found in phpscriptpoint Insurance 1.2. It has been classified as problematic. Affected is an unknown function of the file /page.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-235212. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3860
CVE-2023-3861A vulnerability was found in phpscriptpoint Insurance 1.2. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235213 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3861
CVE-2023-2309The wpForo Forum WordPress plugin before 2.1.9 does not escape some request parameters while in debug mode, leading to a Reflected Cross-Site Scripting vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2309
CVE-2023-37613A cross-site scripting (XSS) vulnerability in Assembly Software Trialworks v11.4 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the asset src parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37613
CVE-2021-39421A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-39421
CVE-2023-3883A vulnerability, which was classified as problematic, was found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/add-category.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235245 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3883
CVE-2023-3884A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235246 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3884
CVE-2023-3885A vulnerability was found in Campcodes Beauty Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/edit_category.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235247.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3885
CVE-2023-3886A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/invoice.php. The manipulation of the argument inv_id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235248.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3886
CVE-2023-3887A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235249 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3887
CVE-2023-3888A vulnerability was found in Campcodes Beauty Salon Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-235250 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3888
CVE-2023-3890A vulnerability classified as problematic has been found in Campcodes Beauty Salon Management System 1.0. This affects an unknown part of the file /admin/edit-accepted-appointment.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235251.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3890
CVE-2023-33925Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in PluginForage WooCommerce Product Categories Selection Widget plugin <= 2.0 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-33925
CVE-2023-35043Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-35043
CVE-2023-34017Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FiveStarPlugins Five Star Restaurant Reservations plugin <= 2.6.7 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-34017
CVE-2023-36385Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in wpxpo PostX – Gutenberg Post Grid Blocks plugin <= 2.9.9 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36385
CVE-2023-36502Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36502
CVE-2023-39175In JetBrains TeamCity before 2023.05.2 reflected XSS via GitHub integration was possible.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-39175
CVE-2023-3944A vulnerability was found in phpscriptpoint Lawyer 1.6 and classified as problematic. Affected by this issue is some unknown functionality of the file page.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235400. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3944
CVE-2022-31456A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-31456
CVE-2022-31455A cross-site scripting (XSS) vulnerability in Truedesk v1.2.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into a user chat box.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-31455
CVE-2023-32369A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.6https://nvd.nist.gov/vuln/detail/CVE-2023-32369
CVE-2023-21961Vulnerability in the Oracle Hyperion Essbase Administration Services product of Oracle Essbase (component: EAS Administration and EAS Console). The supported version that is affected is 21.4.3.0.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Hyperion Essbase Administration Services executes to compromise Oracle Hyperion Essbase Administration Services. While the vulnerability is in Oracle Hyperion Essbase Administration Services, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hyperion Essbase Administration Services accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).6https://nvd.nist.gov/vuln/detail/CVE-2023-21961
CVE-2021-31957ASP.NET Denial of Service Vulnerability5.9https://nvd.nist.gov/vuln/detail/CVE-2021-31957
CVE-2022-28860An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to achieve HTTP access to the camera.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-28860
CVE-2022-28861The server in Citilog 8.0 allows an attacker (in a man in the middle position between the server and its smart camera Axis M1125) to see FTP credentials in cleartext HTTP traffic. These can be used for FTP access to the server.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-28861
CVE-2023-23520A race condition was addressed with additional validation. This issue is fixed in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. A user may be able to read arbitrary files as root.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-23520
CVE-2023-22043Vulnerability in Oracle Java SE (component: JavaFX). The supported version that is affected is Oracle Java SE: 8u371. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-22043
CVE-2023-3782DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-3782
CVE-2023-35134Weintek Weincloud v0.13.6 could allow an attacker to reset a password with the corresponding account’s JWT token only.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-35134
CVE-2023-3347A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-3347
CVE-2021-31965Microsoft SharePoint Server Information Disclosure Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2021-31965
CVE-2021-41355.NET Core and Visual Studio Information Disclosure Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2021-41355
CVE-2022-3563A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability.5.7https://nvd.nist.gov/vuln/detail/CVE-2022-3563
CVE-2023-28261Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2023-28261
CVE-2023-32263A potential vulnerability has been identified in the Micro Focus Dimensions CM Plugin for Jenkins. The vulnerability could be exploited to retrieve a login certificate if an authenticated user is duped into using an attacker-controlled Dimensions CM server. This vulnerability only applies when the Jenkins plugin is configured to use login certificate credentials. (https://www.jenkins.io/security/advisory/2023-06-14/)5.7https://nvd.nist.gov/vuln/detail/CVE-2023-32263
CVE-2020-29509The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.5.6https://nvd.nist.gov/vuln/detail/CVE-2020-29509
CVE-2020-29511The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.5.6https://nvd.nist.gov/vuln/detail/CVE-2020-29511
CVE-2021-42299Microsoft Surface Pro 3 Security Feature Bypass Vulnerability5.6https://nvd.nist.gov/vuln/detail/CVE-2021-42299
CVE-2023-32020Windows DNS Spoofing Vulnerability5.6https://nvd.nist.gov/vuln/detail/CVE-2023-32020
CVE-2023-21983Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express Administration. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express Administration accessible data as well as unauthorized read access to a subset of Application Express Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Application Express Administration. CVSS 3.1 Base Score 5.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).5.6https://nvd.nist.gov/vuln/detail/CVE-2023-21983
CVE-2021-31955Windows Kernel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31955
CVE-2021-31960Windows Bind Filter Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31960
CVE-2021-31970Windows TCP/IP Driver Security Feature Bypass Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31970
CVE-2021-31972Event Tracing for Windows Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31972
CVE-2021-31978Microsoft Defender Denial of Service Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31978
CVE-2021-38662Windows Fast FAT File System Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-38662
CVE-2021-38663Windows exFAT File System Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-38663
CVE-2021-40454Rich Text Edit Control Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40454
CVE-2021-40455Windows Installer Spoofing Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40455
CVE-2021-40468Windows Bind Filter Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40468
CVE-2021-40472Microsoft Excel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40472
CVE-2021-40475Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-40475
CVE-2021-41336Windows Kernel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-41336
CVE-2021-41338Windows AppContainer Firewall Rules Security Feature Bypass Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-41338
CVE-2021-41343Windows Fast FAT File System Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-41343
CVE-2022-3637A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-3637
CVE-2023-0597A possible memory leak flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, in the way a user can guess the location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with an expected location in memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0597
CVE-2023-23499This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23499
CVE-2023-23500The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to leak sensitive kernel state.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23500
CVE-2023-23501The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.2. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23501
CVE-2023-23502An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to determine kernel memory layout.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23502
CVE-2023-23503A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, iOS 15.7.3 and iPadOS 15.7.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23503
CVE-2023-23506A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23506
CVE-2023-23508The issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.7.3, macOS Ventura 13.2, macOS Monterey 12.6.3. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23508
CVE-2023-23510A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.2. An app may be able to access a user’s Safari history.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23510
CVE-2023-23511The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3, tvOS 16.3, watchOS 9.3. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23511
CVE-2023-23522A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Ventura 13.2.1. An app may be able to observe unprotected user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23522
CVE-2023-1055A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1055
CVE-2023-31084An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31084
CVE-2023-23527The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. A user may gain access to protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23527
CVE-2023-23533A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23533
CVE-2023-23534The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Big Sur 11.7.5. Processing a maliciously crafted image may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23534
CVE-2023-23535The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.6, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23535
CVE-2023-23537A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23537
CVE-2023-23538A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23538
CVE-2023-23542A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23542
CVE-2023-27929An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.3, tvOS 16.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27929
CVE-2023-27931This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.3, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27931
CVE-2023-27932This issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.3, Safari 16.4, iOS 16.4 and iPadOS 16.4, tvOS 16.4, watchOS 9.4. Processing maliciously crafted web content may bypass Same Origin Policy.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27932
CVE-2023-27941A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27941
CVE-2023-27942The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27942
CVE-2023-27943This issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Files downloaded from the internet may not have the quarantine flag applied.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27943
CVE-2023-27951The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27951
CVE-2023-27955The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, macOS Big Sur 11.7.5. An app may be able to read arbitrary files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27955
CVE-2023-27956The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4. Processing a maliciously crafted image may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27956
CVE-2023-27961Multiple validation issues were addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, watchOS 9.4, macOS Big Sur 11.7.5. Importing a maliciously crafted calendar invitation may exfiltrate user information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27961
CVE-2023-27962A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-27962
CVE-2023-28178A logic issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, macOS Monterey 12.6.4, tvOS 16.4, watchOS 9.4. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28178
CVE-2023-28189The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to view sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28189
CVE-2023-28190A privacy issue was addressed by moving sensitive data to a more secure location. This issue is fixed in macOS Ventura 13.3. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28190
CVE-2023-28192A permissions issue was addressed with improved validation. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28192
CVE-2023-28200A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28200
CVE-2023-26965loadImage() in tools/tiffcrop.c in LibTIFF through 4.5.0 has a heap-based use after free via a crafted TIFF image.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26965
CVE-2023-28191This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28191
CVE-2023-28202This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28202
CVE-2023-32352A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may bypass Gatekeeper checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32352
CVE-2023-32354An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, iOS 16.5 and iPadOS 16.5. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32354
CVE-2023-32355A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32355
CVE-2023-32360An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32360
CVE-2023-32363A permissions issue was addressed by removing vulnerable code and adding additional checks. This issue is fixed in macOS Ventura 13.4. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32363
CVE-2023-32367This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32367
CVE-2023-32368An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. Processing a 3D model may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32368
CVE-2023-32372An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. Processing an image may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32372
CVE-2023-32375An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32375
CVE-2023-32376This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32376
CVE-2023-32382An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. Processing a 3D model may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32382
CVE-2023-32385A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32385
CVE-2023-32388A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32388
CVE-2023-32389This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32389
CVE-2023-32392A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32392
CVE-2023-32395A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32395
CVE-2023-32399The issue was addressed with improved handling of caches. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32399
CVE-2023-32400This issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32400
CVE-2023-32403This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32403
CVE-2023-32404This issue was addressed with improved entitlements. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32404
CVE-2023-32407A logic issue was addressed with improved state management. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32407
CVE-2023-32408The issue was addressed with improved handling of caches. This issue is fixed in watchOS 9.5, tvOS 16.5, macOS Ventura 13.4, iOS 15.7.6 and iPadOS 15.7.6, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32408
CVE-2023-32410An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to leak sensitive kernel state.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32410
CVE-2023-32411This issue was addressed with improved entitlements. This issue is fixed in tvOS 16.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monterey 12.6.6, iOS 16.5 and iPadOS 16.5. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32411
CVE-2023-32415This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32415
CVE-2023-32422This issue was addressed by adding additional SQLite logging restrictions. This issue is fixed in iOS 16.5 and iPadOS 16.5, tvOS 16.5, macOS Ventura 13.4. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32422
CVE-2015-20109end_pattern (called from internal_fnmatch) in the GNU C Library (aka glibc or libc6) before 2.22 might allow context-dependent attackers to cause a denial of service (application crash), as demonstrated by use of the fnmatch library function with the **(!() pattern. NOTE: this is not the same as CVE-2015-8984; also, some Linux distributions have fixed CVE-2015-8984 but have not fixed this additional fnmatch issue.5.5https://nvd.nist.gov/vuln/detail/CVE-2015-20109
CVE-2023-25433libtiff 4.5.0 is vulnerable to Buffer Overflow via /libtiff/tools/tiffcrop.c:8499. Incorrect updating of buffer size after rotateImage() in tiffcrop causes a heap-buffer-overflow and SEGV.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-25433
CVE-2023-26966libtiff 4.5.0 is vulnerable to Buffer Overflow in uv_encode() when libtiff reads a corrupted little-endian TIFF file and specifies the output to be big-endian.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26966
CVE-2023-35946Gradle is a build tool with a focus on build automation and support for multi-language development. When Gradle writes a dependency into its dependency cache, it uses the dependency's coordinates to compute a file location. With specially crafted dependency coordinates, Gradle can be made to write files into an unintended location. The file may be written outside the dependency cache or over another file in the dependency cache. This vulnerability could be used to poison the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions. Exploiting this vulnerability requires an attacker to have control over a dependency repository used by the Gradle build or have the ability to modify the build's configuration. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Gradle will refuse to cache dependencies that have path traversal elements in their dependency coordinates. It is recommended that users upgrade to a patched version. If you are unable to upgrade to Gradle 7.6.2 or 8.2, `dependency verification` will make this vulnerability more difficult to exploit.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35946
CVE-2023-2908A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2908
CVE-2023-3433The "nickname" field within Savoir-faire Linux's Jami application is susceptible to a failed state when a user inserts special characters into the field. When present, these special characters make it so the application cannot create the signature for the user, resulting in a local denial of service to the application.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-3433
CVE-2023-36838An Out-of-bounds Read vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a local, authenticated attacker with low privileges, to cause a Denial of Service (DoS). If a low privileged user executes a specific CLI command, flowd which is responsible for traffic forwarding in SRX crashes and generates a core dump. This will cause temporary traffic interruption until the flowd process is restarted automatically. Continued execution of this command will lead to a sustained DoS. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.2R3-S7; 20.3 version 20.3R1 and later versions; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S5; 21.2 versions prior to 21.2R3-S4; 21.3 versions prior to 21.3R3-S4; 21.4 versions prior to 21.4R3-S3; 22.1 versions prior to 22.1R3-S1; 22.2 versions prior to 22.2R3; 22.3 versions prior to 22.3R2; 22.4 versions prior to 22.4R1-S1, 22.4R2. 5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36838
CVE-2023-36840A Reachable Assertion vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a locally-based, low-privileged attacker to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved, when a specific L2VPN command is run, RPD will crash and restart. Continued execution of this specific command will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS All versions prior to 19.3R3-S10; 20.1 versions prior to 20.1R3-S4; 20.2 versions prior to 20.2R3-S6; 20.3 versions prior to 20.3R3-S6; 20.4 versions prior to 20.4R3-S5; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S3; 21.3 versions prior to 21.3R3-S2; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R3; 22.2 versions prior to 22.2R2; 22.3 versions prior to 22.3R2; Juniper Networks Junos OS Evolved All versions prior to 20.4R3-S7-EVO; 21.1 versions prior to 21.1R3-S3-EVO; 21.2 versions prior to 21.2R3-S5-EVO; 21.3 versions prior to 21.3R3-S4-EVO; 21.4 versions prior to 21.4R3-EVO; 22.1 versions prior to 22.1R3-EVO; 22.2 versions prior to 22.2R2-EVO; 22.3 versions prior to 22.3R2-EVO; 5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36840
CVE-2023-37224An issue in Archer Platform before v.6.13 fixed in v.6.12.0.6 and v.6.13.0 allows an authenticated attacker to obtain sensitive information via the log files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37224
CVE-2023-38252An out-of-bounds read flaw was found in w3m, in the Strnew_size function in Str.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38252
CVE-2023-38253An out-of-bounds read flaw was found in w3m, in the growbuf_to_Str function in indep.c. This issue may allow an attacker to cause a denial of service through a crafted HTML file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38253
CVE-2023-28864Progress Chef Infra Server before 15.7 allows a local attacker to exploit a /var/opt/opscode/local-mode-cache/backup world-readable temporary backup path to access sensitive information, resulting in the disclosure of all indexed node data, because OpenSearch credentials are exposed. (The data typically includes credentials for additional systems.) The attacker must wait for an admin to run the "chef-server-ctl reconfigure" command.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28864
CVE-2023-37770faust commit ee39a19 was discovered to contain a stack overflow via the component boxppShared::print() at /boxes/ppbox.cpp.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37770
CVE-2023-38403iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38403
CVE-2023-38409An issue was discovered in set_con2fb_map in drivers/video/fbdev/core/fbcon.c in the Linux kernel before 6.2.12. Because an assignment occurs only for the first vc, the fbcon_registered_fb and fbcon_display arrays can be desynchronized in fbcon_mode_deleted (the con2fb_map points at the old fb_info).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38409
CVE-2020-23910Stack-based buffer overflow vulnerability in asn1c through v0.9.28 via function genhash_get in genhash.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-23910
CVE-2020-23911An issue was discovered in asn1c through v0.9.28. A NULL pointer dereference exists in the function _default_error_logger() located in asn1fix.c. It allows an attacker to cause Denial of Service.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-23911
CVE-2021-33294In elfutils 0.183, an infinite loop was found in the function handle_symtab in readelf.c, which allows attackers to cause a denial of service (infinite loop) via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-33294
CVE-2023-31441In NATO Communications and Information Agency anet (aka Advisor Network) through 3.3.0, an attacker can provide a crafted JSON file to sanitizeJson and cause an exception. This is related to the U+FFFD Unicode replacement character. A for loop does not consider that a data structure is being modified during loop execution.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31441
CVE-2023-0160A deadlock flaw was found in the Linux kernel’s BPF subsystem. This flaw allows a local user to potentially crash the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0160
CVE-2023-35763Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to a cryptographic vulnerability that could allow an unauthenticated user to decrypt encrypted passwords into plaintext.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35763
CVE-2023-37139ChakraCore branch master cbb9b was discovered to contain a stack overflow vulnerability via the function Js::ScopeSlots::IsDebuggerScopeSlotArray().5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37139
CVE-2023-37140ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::DiagScopeVariablesWalker::GetChildrenCount().5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37140
CVE-2023-37141ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::ProfilingHelpers::ProfiledNewScArray().5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37141
CVE-2023-37142ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function Js::EntryPointInfo::HasInlinees().5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37142
CVE-2023-37143ChakraCore branch master cbb9b was discovered to contain a segmentation violation via the function BackwardPass::IsEmptyLoopAfterMemOp().5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37143
CVE-2023-22017Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: This vulnerability applies to Windows VMs only. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-22017
CVE-2023-32635XBRL data create application version 7.0 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XBRL file, arbitrary files on the system may be read by an attacker.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32635
CVE-2022-40896A ReDoS issue was discovered in pygments/lexers/smithy.py in pygments through 2.15.0 via SmithyLexer.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-40896
CVE-2023-37748ngiflib commit 5e7292 was discovered to contain an infinite loop via the function DecodeGifImg at ngiflib.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37748
CVE-2023-32446Dell Wyse ThinOS versions prior to 2303 (9.4.1141) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32446
CVE-2023-32447Dell Wyse ThinOS versions prior to 2306 (9.4.2103) contain a sensitive information disclosure vulnerability. A malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32447
CVE-2023-32455Dell Wyse ThinOS versions prior to 2208 (9.3.2102) contain a sensitive information disclosure vulnerability. An unauthenticated malicious user with local access to the device could exploit this vulnerability to read sensitive information written to the log files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32455
CVE-2023-32476Dell Hybrid Client version 2.0 contains a Sensitive Data Exposure vulnerability. An unauthenticated malicious user on the device can access hard coded secrets in javascript files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32476
CVE-2023-2430A vulnerability was found due to missing lock for IOPOLL flaw in io_cqring_event_overflow() in io_uring.c in Linux Kernel. This flaw allows a local attacker with user privilege to trigger a Denial of Service threat.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2430
CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-20593
CVE-2023-32639Applicant Programme Ver.7.06 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32639
CVE-2023-33802A buffer overflow in SumatraPDF Reader v3.4.6 allows attackers to cause a Denial of Service (DoS) via a crafted text file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-33802
CVE-2023-38606This issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to modify sensitive kernel state. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38606
CVE-2023-32416A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to read sensitive location information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32416
CVE-2023-32429The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32429
CVE-2023-32442An access issue was addressed with improved access restrictions. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. A shortcut may be able to modify sensitive Shortcuts app settings.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32442
CVE-2021-41353Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2021-41353
CVE-2021-41354Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2021-41354
CVE-2021-41361Active Directory Federation Server Spoofing Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2021-41361
CVE-2022-36404Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in David Cole Simple SEO (WordPress plugin) plugin <= 1.8.12 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36404
CVE-2021-34506Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2021-34506
CVE-2023-3319Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS. This issue affects PlatPlay DS: before 3.14.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3319
CVE-2023-37272JS7 is an Open Source Job Scheduler. Users specify file names when uploading files holding user-generated documentation for JOC Cockpit. Specifically crafted file names allow an XSS attack to inject code that is executed with the browser. Risk of the vulnerability is considered high for branch 1.13 of JobScheduler (JS1). The vulnerability does not affect branch 2.x of JobScheduler (JS7) for releases after 2.1.0. The vulnerability is resolved with release 1.13.19.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37272
CVE-2023-2082The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.6 due to insufficient sanitization and escaping on the 'text' value set via the bmc_post_reception action. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to inject arbitrary web scripts into pages that execute whenever a victim accesses a page with the injected scripts.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2082
CVE-2023-3434Improper Input Validation in the hyperlink interpretation in Savoir-faire Linux's Jami (version 20222284) on Windows. This allows an attacker to send a custom HTML anchor tag to pass a string value to the Windows QRC Handler through the Jami messenger.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3434
CVE-2023-24896Dynamics 365 Finance Spoofing Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-24896
CVE-2023-37223Cross Site Scripting (XSS) vulnerability in Archer Platform before v.6.13 and fixed in v.6.12.0.6 and v.6.13.0 allows a remote authenticated attacker to execute arbitrary code via a crafted malicious script.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37223
CVE-2023-38350PNP4Nagios through 81ebfc5 has stored XSS in the AJAX controller via the basket API and filters. This affects 0.6.26.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38350
CVE-2023-0439The NEX-Forms WordPress plugin before 8.4.4 does not escape its form name, which could lead to Stored Cross-Site Scripting issues. By default only SuperAdmins (in multisite) / admins (in single site) can create forms; however, there is a setting allowing them to give lower roles access to this feature.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0439
CVE-2023-2143The Enable SVG, WebP & ICO Upload WordPress plugin through 1.0.3 does not sanitize SVG file contents, leading to a Cross-Site Scripting vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2143
CVE-2023-2579The InventoryPress WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow users with the role of author and above to perform Stored Cross-Site Scripting attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2579
CVE-2023-3418The Querlo Chatbot WordPress plugin through 1.2.4 does not escape or sanitize chat messages, leading to a stored Cross-Site Scripting vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3418
CVE-2023-36656Cross Site Scripting (XSS) vulnerability in Jaegertracing Jaeger UI before v.1.31.0 allows a remote attacker to execute arbitrary code via the KeyValuesTable component.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36656
CVE-2023-3586Mattermost fails to disable public Boards after the "Enable Publicly-Shared Boards" configuration option is disabled, resulting in previously-shared public Boards remaining accessible.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3586
CVE-2023-2433The YARPP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'className' parameter in versions up to, and including, 5.30.3 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2433
CVE-2023-36383Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36383
CVE-2023-37259matrix-react-sdk is a react-based SDK for inserting a Matrix chat/voip client into a web page. The Export Chat feature includes certain attacker-controlled elements in the generated document without sufficient escaping, leading to stored Cross site scripting (XSS). Since the Export Chat feature generates a separate document, an attacker can only inject code run from the `null` origin, restricting the impact. However, the attacker can still potentially use the XSS to leak message contents. A malicious homeserver is a potential attacker since the affected inputs are controllable server-side. This issue has been addressed in commit `22fcd34c60` which is included in release version 3.76.0. Users are advised to upgrade. The only known workaround for this issue is to disable or to not use the Export Chat feature.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37259
CVE-2023-22011Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 5.4 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22011
CVE-2023-22020Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22020
CVE-2023-22039Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: WebClient). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Agile PLM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile PLM accessible data as well as unauthorized read access to a subset of Oracle Agile PLM accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22039
CVE-2023-22050Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.7.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of JD Edwards EnterpriseOne Orchestrator accessible data as well as unauthorized read access to a subset of JD Edwards EnterpriseOne Orchestrator accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22050
CVE-2023-22061Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Visual Analyzer). The supported version that is affected is 6.4.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22061
CVE-2023-30433IBM Security Verify Access 10.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. This could allow the attacker to obtain highly sensitive information or conduct further attacks against the victim. IBM X-Force ID: 252186.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30433
CVE-2023-29260IBM Sterling Connect:Express for UNIX 1.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 252135.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29260
CVE-2023-3783A vulnerability was found in Webile 1.0.1. It has been classified as problematic. Affected is an unknown function of the component HTTP POST Request Handler. The manipulation of the argument new_file_name/c leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-235050 is the identifier assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3783
CVE-2023-3784A vulnerability was found in Dooblou WiFi File Explorer 1.13.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument search/order/download/mode leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235051.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3784
CVE-2023-3785A vulnerability was found in PaulPrinting CMS 2018. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument firstname/lastname/address/city/state leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235052.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3785
CVE-2023-3787A vulnerability classified as problematic was found in Codecanyon Tiva Events Calender 1.4. This vulnerability affects unknown code. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235054 is the identifier assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3787
CVE-2023-3788A vulnerability, which was classified as problematic, has been found in ActiveITzone Active Super Shop CMS 2.5. This issue affects some unknown processing of the component Manage Details Page. The manipulation of the argument name/phone/address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235055.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3788
CVE-2023-3790A vulnerability has been found in Boom CMS 8.0.7 and classified as problematic. Affected by this vulnerability is the function add of the component assets-manager. The manipulation of the argument title/description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235057 was assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3790
CVE-2023-25837There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25837
CVE-2023-3821Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.6.4.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3821
CVE-2023-37901Indico is an open source, general-purpose, web-based event management tool. There is a Cross-Site-Scripting vulnerability in confirmation prompts commonly used when deleting content from Indico. Exploitation requires someone with at least submission privileges (such as a speaker) and then someone else to attempt to delete this content. Considering that event organizers may want to delete suspicious-looking content when spotting it, there is a non-negligible risk of such an attack succeeding. The risk of this could be further increased when combined with some social engineering pointing the victim towards this content. Users need to update to Indico 3.2.6 as soon as possible. See the docs for instructions on how to update. Users who cannot upgrade should only let trustworthy users manage categories, create events or upload materials ("submission" privileges on a contribution/event). This should already be the case in a properly-configured setup when it comes to category/event management. Note that a conference doing a Call for Abstracts actively invites external speakers (who the organizers may not know and thus cannot fully trust) to submit content, hence the need to update to a fixed version ASAP, in particular when using such workflows.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37901
CVE-2023-25929IBM Cognos Analytics 11.1 and 11.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 247861.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25929
CVE-2023-28530IBM Cognos Analytics 11.1 and 11.2 is vulnerable to stored cross-site scripting, caused by improper validation of SVG Files in Custom Visualizations. A remote attacker could exploit this vulnerability to execute scripts in a victim's Web browser within the security context of the hosting Web site. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 251214.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28530
CVE-2023-3831A vulnerability was found in Bug Finder Finounce 1.0 and classified as problematic. This issue affects some unknown processing of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235157 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3831
CVE-2023-38057An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38057
CVE-2023-3323A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3323
CVE-2023-25074Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Competencies. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25074
CVE-2023-23568Improper privilege validation in Command Centre Server allows authenticated unprivileged operators to modify and view Personal Data Fields. This issue affects Command Centre: vEL8.90 prior to vEL8.90.1318 (MR1), vEL8.80 prior to vEL8.80.1192 (MR2), vEL8.70 prior to vEL8.70.2185 (MR4), vEL8.60 prior to vEL8.60.2347 (MR6), vEL8.50 prior to vEL8.50.2831 (MR8), all versions vEL8.40 and prior.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23568
CVE-2023-23833Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Steven Henty Drop Shadow Boxes plugin <= 1.7.10 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-23833
CVE-2023-36503Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Max Foundry WordPress Button Plugin MaxButtons plugin <= 9.5.3 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36503
CVE-2023-37257DataEase is an open source data visualization analysis tool. Prior to version 1.18.9, the DataEase panel and dataset have a stored cross-site scripting vulnerability. The vulnerability has been fixed in v1.18.9. There are no known workarounds.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37257
CVE-2023-39153A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-39153
CVE-2021-40456Windows AD FS Security Feature Bypass Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2021-40456
CVE-2021-40482Microsoft SharePoint Server Information Disclosure Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2021-40482
CVE-2021-41346Console Window Host Security Feature Bypass Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2021-41346
CVE-2022-28666Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-28666
CVE-2022-40258AMI Megarac Weak password hashes for Redfish & API5.3https://nvd.nist.gov/vuln/detail/CVE-2022-40258
CVE-2023-23494A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 16.4 and iPadOS 16.4. A user in a privileged network position may be able to cause a denial-of-service.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-23494
CVE-2023-32013Windows Hyper-V Denial of Service Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-32013
CVE-2023-2975Issue summary: The AES-SIV cipher implementation contains a bug that causes it to ignore empty associated data entries which are unauthenticated as a consequence. Impact summary: Applications that use the AES-SIV algorithm and want to authenticate empty data entries as associated data can be misled by removing, adding or reordering such empty entries as these are ignored by the OpenSSL implementation. We are currently unaware of any such applications. The AES-SIV algorithm allows for authentication of multiple associated data entries along with the encryption. To authenticate empty data the application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with NULL pointer as the output buffer and 0 as the input buffer length. The AES-SIV implementation in OpenSSL just returns success for such a call instead of performing the associated data authentication operation. The empty data thus will not be authenticated. As this issue does not affect non-empty associated data authentication and we expect it to be rare for an application to use empty associated data entries this is qualified as Low severity issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-2975
CVE-2023-33857IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain system information using a specially crafted query that could aid in further attacks against the system. IBM X-Force ID: 257695.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-33857
CVE-2023-35901IBM Robotic Process Automation 21.0.0 through 21.0.7.6 and 23.0.0 through 23.0.6 is vulnerable to client side validation bypass which could allow invalid changes or values in some fields. IBM X-Force ID: 259380.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-35901
CVE-2022-4023The 3DPrint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will create an archive of any files or directories on the target server by tricking a logged in admin into submitting a form. Furthermore the created archive has a predictable location and name, allowing the attacker to download the file if they know the time at which the form was submitted, making it possible to leak sensitive files like the WordPress configuration containing database credentials and secrets.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-4023
CVE-2023-3709The Royal Elementor Addons plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 1.3.70 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3709
CVE-2023-34035Spring Security versions 5.8 prior to 5.8.5, 6.0 prior to 6.0.5, and 6.1 prior to 6.1.2 could be susceptible to authorization rule misconfiguration if the application uses requestMatchers(String) and multiple servlets, one of them being Spring MVC’s DispatcherServlet. (DispatcherServlet is a Spring MVC component that maps HTTP endpoints to methods on @Controller-annotated classes.) Specifically, an application is vulnerable when all of the following are true: Spring MVC is on the classpath; Spring Security is securing more than one servlet in a single application (one of them being Spring MVC’s DispatcherServlet); the application uses requestMatchers(String) to refer to endpoints that are not Spring MVC endpoints. An application is not vulnerable if any of the following is true: the application does not have Spring MVC on the classpath; the application secures no servlets other than Spring MVC’s DispatcherServlet; the application uses requestMatchers(String) only for Spring MVC endpoints.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34035
CVE-2023-35900IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.4 and 23.0.0 through 23.0.5 is vulnerable to disclosing server version information which may be used to determine software vulnerabilities at the operating system level. IBM X-Force ID: 259368.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-35900
CVE-2023-29259IBM Sterling Connect:Express for UNIX 1.5 browser UI is vulnerable to attacks that rely on the use of cookies without the SameSite attribute. IBM X-Force ID: 252055.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-29259
CVE-2023-3446Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3446
CVE-2023-3300HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3300
CVE-2023-3779The Essential Addons For Elementor plugin for WordPress is vulnerable to unauthenticated API key disclosure in versions up to, and including, 5.8.1 due to the plugin adding the API key to the source code of any page running the MailChimp block. This makes it possible for unauthenticated attackers to obtain a site's MailChimp API key. We recommend resetting any MailChimp API keys if running a vulnerable version of this plugin with the MailChimp block enabled as the API key may have been compromised. This only affects sites running the premium version of the plugin and that have the Mailchimp block enabled on a page.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3779
CVE-2023-34967A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34967
CVE-2023-34968A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34968
CVE-2023-38335Omnis Studio 10.22.00 has incorrect access control. It advertises a feature for making Omnis libraries "always private" - this is supposed to be an irreversible operation. However, due to implementation issues, "always private" Omnis libraries can be opened by the Omnis Studio browser by bypassing specific checks. This violates the expected behavior of an "irreversible operation".5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38335
CVE-2023-38523The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history and screenshot of the file being processed. This affects N-Series N1115 Wallplate Video Encoder before 1.15.61, N-Series N1x22A Video Encoder/Decoder before 1.15.61, N-Series N1x33A Video Encoder/Decoder before 1.15.61, N-Series N1x33 Video Encoder/Decoder before 1.15.61, N-Series N2x35 Video Encoder/Decoder before 1.15.61, N-Series N2x35A Video Encoder/Decoder before 1.15.61, N-Series N2xx2 Video Encoder/Decoder before 1.15.61, N-Series N2xx2A Video Encoder/Decoder before 1.15.61, N-Series N3000 Video Encoder/Decoder before 2.12.105, and N-Series N4321 Audio Transceiver before 1.00.06.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38523
CVE-2023-37645eyoucms v1.6.3 was discovered to contain an information disclosure vulnerability via the component /custom_model_path/recruit.filelist.txt.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37645
CVE-2023-3102A sensitive information leak issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1, which allows access to titles of private issue and MR.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3102
CVE-2023-33777An issue in /functions/fbaorder.php of Prestashop amazon before v5.2.24 allows attackers to execute a directory traversal attack.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-33777
CVE-2023-39155Jenkins Chef Identity Plugin 2.0.3 and earlier does not mask the user.pem key form field, increasing the potential for attackers to observe and capture it.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-39155
CVE-2023-39156A cross-site request forgery (CSRF) vulnerability in Jenkins Bazaar Plugin 1.22 and earlier allows attackers to delete previously created Bazaar SCM tags.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-39156
CVE-2021-31199Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability5.2https://nvd.nist.gov/vuln/detail/CVE-2021-31199
CVE-2021-31201Microsoft Enhanced Cryptographic Provider Elevation of Privilege Vulnerability5.2https://nvd.nist.gov/vuln/detail/CVE-2021-31201
CVE-2023-22041Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).5.1https://nvd.nist.gov/vuln/detail/CVE-2023-22041
CVE-2021-319443D Viewer Information Disclosure Vulnerability5https://nvd.nist.gov/vuln/detail/CVE-2021-31944
CVE-2021-41337Active Directory Security Feature Bypass Vulnerability4.9https://nvd.nist.gov/vuln/detail/CVE-2021-41337
CVE-2023-37480Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit a weakness in the connector template upload feature to upload a malicious zip bomb file, resulting in resource exhaustion and service unavailability for all users of the Fides webserver. This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading. If an attack occurs, the impact can be mitigated by manually or automatically restarting the affected container.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-37480
CVE-2023-37481Fides is an open-source privacy engineering platform for managing data privacy requests and privacy regulations. The Fides webserver is vulnerable to a type of Denial of Service (DoS) attack. Attackers can exploit this vulnerability to upload zip files containing malicious SVG bombs (similar to a billion laughs attack), causing resource exhaustion in Admin UI browser tabs and creating a persistent denial of service of the 'new connector' page (`datastore-connection/new`). This vulnerability affects Fides versions `2.11.0` through `2.15.1`. Exploitation is limited to users with elevated privileges with the `CONNECTOR_TEMPLATE_REGISTER` scope, which includes root users and users with the owner role. The vulnerability has been patched in Fides version `2.16.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There is no known workaround to remediate this vulnerability without upgrading.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-37481
CVE-2023-22034Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22034
CVE-2023-32482Wyse Management Suite versions prior to 4.0 contain an improper authorization vulnerability. An authenticated malicious user with privileged access can push policies to unauthorized tenant group.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-32482
CVE-2023-32478Dell PowerStore versions prior to 3.5.0.1 contain an insertion of sensitive information into log file vulnerability. A high privileged malicious user could potentially exploit this vulnerability, leading to sensitive information disclosure.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-32478
CVE-2023-38195Datalust Seq before 2023.2.9489 allows insertion of sensitive information into an externally accessible file or directory. This is exploitable only when external (SQL Server or PostgreSQL) metadata storage is used. Exploitation can only occur from a high-privileged user account.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-38195
CVE-2021-26414Windows DCOM Server Security Feature Bypass4.8https://nvd.nist.gov/vuln/detail/CVE-2021-26414
CVE-2023-2029The PrePost SEO WordPress plugin through 3.0 does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2029
CVE-2023-3245The Floating Chat Widget WordPress plugin before 3.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3245
CVE-2022-47421Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARMember (free), Repute InfoSystems ARMember (premium) plugins.4.8https://nvd.nist.gov/vuln/detail/CVE-2022-47421
CVE-2023-24390Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WeSecur Security plugin <= 1.2.1 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-24390
CVE-2023-33329Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Hijiri Custom Post Type Generator plugin <= 2.4.2 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-33329
CVE-2023-25835There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25835
CVE-2023-3837A vulnerability classified as problematic has been found in DedeBIZ 6.2.10. Affected is an unknown function of the file /admin/sys_sql_query.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3837
CVE-2023-3838A vulnerability classified as problematic was found in DedeBIZ 6.2.10. Affected by this vulnerability is an unknown functionality of the file /admin/vote_edit.php. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3838
CVE-2023-3248The All-in-one Floating Contact Form WordPress plugin before 2.1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3248
CVE-2023-3344The Auto Location for WP Job Manager via Google WordPress plugin before 1.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3344
CVE-2023-34369Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GrandSlambert Login Configurator plugin <= 2.1 versions.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-34369
CVE-2021-41339Microsoft DWM Core Library Elevation of Privilege Vulnerability4.7https://nvd.nist.gov/vuln/detail/CVE-2021-41339
CVE-2023-27952A race condition was addressed with improved locking. This issue is fixed in macOS Ventura 13.3. An app may bypass Gatekeeper checks.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-27952
CVE-2023-36836A Use of an Uninitialized Resource vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with low privileges to cause a Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, in a Multicast only Fast Reroute (MoFRR) scenario, the rpd process can crash when a specific low privileged CLI command is executed. The rpd crash will impact all routing protocols until the process has automatically been restarted. As the operational state which makes this issue exploitable is outside the attacker's control, this issue is considered difficult to exploit. Continued execution of this command will lead to a sustained DoS. This issue affects: Juniper Networks Junos OS: 19.4 version 19.4R3-S5 and later versions prior to 19.4R3-S9; 20.1 version 20.1R2 and later versions; 20.2 versions prior to 20.2R3-S7; 20.3 versions prior to 20.3R3-S5; 20.4 versions prior to 20.4R3-S6; 21.1 versions prior to 21.1R3-S4; 21.2 versions prior to 21.2R3-S2; 21.3 versions prior to 21.3R3-S1; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R1-S2, 22.1R2; 22.2 versions prior to 22.2R2. Juniper Networks Junos OS Evolved: All versions prior to 20.4R3-S6-EVO; 21.1-EVO version 21.1R1-EVO and later versions; 21.2-EVO version 21.2R1-EVO and later versions; 21.3-EVO versions prior to 21.3R3-S1-EVO; 21.4-EVO versions prior to 21.4R3-EVO; 22.1-EVO versions prior to 22.1R1-S2-EVO, 22.1R2-EVO; 22.2-EVO versions prior to 22.2R2-EVO.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-36836
CVE-2023-33832IBM Spectrum Protect 8.1.0.0 through 8.1.17.0 could allow a local user to cause a denial of service due to improper time-of-check to time-of-use functionality. IBM X-Force ID: 256012.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-33832
CVE-2023-35392Microsoft Edge (Chromium-based) Spoofing Vulnerability4.7https://nvd.nist.gov/vuln/detail/CVE-2023-35392
CVE-2023-3862A vulnerability was found in Travelmate Travelable Trek Management Solution 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Comment Box Handler. The manipulation of the argument comment leads to cross site scripting. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. VDB-235214 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-3862
CVE-2023-32391The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, watchOS 9.5, iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. A shortcut may be able to use sensitive data with certain actions without prompting the user.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-32391
CVE-2023-3497Out of bounds read in Google Security Processor firmware in Google Chrome on Chrome OS prior to 114.0.5735.90 allowed a local attacker to perform denial of service via physical access to the device. (Chromium security severity: Medium)4.6https://nvd.nist.gov/vuln/detail/CVE-2023-3497
CVE-2023-30791Plane version 0.7.1-dev allows an attacker to change the avatar of his profile, which allows uploading files with HTML extension that interprets both HTML and JavaScript.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-30791
CVE-2023-2269A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-2269
CVE-2023-22031Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows high privileged attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22031
CVE-2023-32483Wyse Management Suite versions prior to 4.0 contain a sensitive information disclosure vulnerability. An authenticated malicious user having local access to the system running the application could exploit this vulnerability to read sensitive information written to log files.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-32483
CVE-2021-42307Microsoft Edge (Chromium-based) Information Disclosure Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2021-42307
CVE-2023-23487IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to insufficient audit logging. IBM X-Force ID: 245918.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-23487
CVE-2023-37275Auto-GPT is an experimental open-source application showcasing the capabilities of the GPT-4 language model. The Auto-GPT command line UI makes heavy use of color-coded print statements to signify different types of system messages to the user, including messages that are crucial for the user to review and control which commands should be executed. Before v0.4.3, it was possible for a malicious external resource (such as a website browsed by Auto-GPT) to cause misleading messages to be printed to the console by getting the LLM to regurgitate JSON encoded ANSI escape sequences (`\u001b[`). These escape sequences were JSON decoded and printed to the console as part of the model's "thinking process". The issue has been patched in release version 0.4.3.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-37275
CVE-2023-36883Microsoft Edge for iOS Spoofing Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-36883
CVE-2023-36466Discourse is an open source discussion platform. When editing a topic, there is a vulnerability that enables a user to bypass the topic title validations for things like title length, number of emojis in title and blank topic titles. The issue is patched in the latest stable, beta and tests-passed version of Discourse.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-36466
CVE-2023-3700Improper Access Control in GitHub repository alextselegidis/easyappointments prior to 1.5.0.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3700
CVE-2023-3577Mattermost fails to properly restrict requests to localhost/intranet during the interactive dialog, which could allow an attacker to perform a limited blind SSRF.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3577
CVE-2023-3582Mattermost fails to verify channel membership when linking a board to a channel allowing a low-privileged authenticated user to link a Board to a private channel they don't have access to.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3582
CVE-2023-3585Mattermost Boards fail to properly validate a board link, allowing an attacker to crash a channel by posting a specially crafted boards link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3585
CVE-2023-3403The ProfileGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pm_upload_csv' function in versions up to, and including, 5.5.1. This makes it possible for authenticated attackers, with subscriber-level permissions or above to import new users and update existing users.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3403
CVE-2023-22004Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22004
CVE-2023-22009Vulnerability in the Oracle Self-Service Human Resources product of Oracle E-Business Suite (component: Workforce Management). Supported versions that are affected are 12.2.3-12.2.12. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Self-Service Human Resources. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Self-Service Human Resources accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22009
CVE-2023-22012Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22012
CVE-2023-22013Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22013
CVE-2023-22021Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22021
CVE-2023-22027Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Server). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Business Intelligence Enterprise Edition. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).4.3https://nvd.nist.gov/vuln/detail/CVE-2023-22027
CVE-2023-38173Microsoft Edge for Android Spoofing Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-38173
CVE-2023-3247In PHP versions 8.0.* before 8.0.29, 8.1.* before 8.1.20, 8.2.* before 8.2.7 when using SOAP HTTP Digest Authentication, the random value generator was not checked for failure, and was using a narrower range of values than it should have. In case of random generator failure, it could lead to a disclosure of 31 bits of uninitialized memory from the client to the server, and it also made it easier for a malicious server to guess the client's nonce.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3247
CVE-2023-38058An improper privilege check in the OTRS ticket move action in the agent interface allows any attacker authenticated as an agent to perform a move of a ticket without the needed permission. This issue affects OTRS: from 8.0.X before 8.0.35.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-38058
CVE-2023-3957The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3957
CVE-2023-0958Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-0958
CVE-2023-3977Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3977
CVE-2023-22016Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.46 and Prior to 7.0.10. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.2 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H).4.2https://nvd.nist.gov/vuln/detail/CVE-2023-22016
CVE-2023-3863A use-after-free flaw was found in nfc_llcp_find_local in net/nfc/llcp_core.c in NFC in the Linux kernel. This flaw allows a local user with special privileges to impact a kernel information leak issue.4.1https://nvd.nist.gov/vuln/detail/CVE-2023-3863
CVE-2023-3072HashiCorp Nomad and Nomad Enterprise 0.7.0 up to 1.5.6 and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.3.8https://nvd.nist.gov/vuln/detail/CVE-2023-3072
CVE-2023-21949Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Advanced Networking Option accessible data. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-21949
CVE-2023-22036Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22036
CVE-2023-22044Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22044
CVE-2023-22045Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22045
CVE-2023-22049Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22049
CVE-2023-22051Vulnerability in the Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: GraalVM Compiler). Supported versions that are affected are Oracle GraalVM Enterprise Edition: 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22051
CVE-2023-3803A vulnerability classified as problematic has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This affects an unknown part of the file /Service/ImageStationDataService.asmx of the component File Name Handler. The manipulation leads to insufficiently random values. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235071. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-3803
CVE-2023-3947The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-3947
CVE-2023-23543The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in macOS Ventura 13.3, iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4, watchOS 9.4. A sandboxed app may be able to determine which app is currently using the camera.3.6https://nvd.nist.gov/vuln/detail/CVE-2023-23543
CVE-2023-3613Mattermost WelcomeBot plugin fails to validate the membership status when inviting or adding users to channels allowing guest accounts to be added or invited to channels by default.3.5https://nvd.nist.gov/vuln/detail/CVE-2023-3613
CVE-2023-25840There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link which onmouseover won't execute but could potentially render an image in the victim's browser. The privileges required to execute this attack are high.3.4https://nvd.nist.gov/vuln/detail/CVE-2023-25840
CVE-2023-23498A logic issue was addressed with improved state management. This issue is fixed in iOS 15.7.3 and iPadOS 15.7.3, macOS Ventura 13.2, iOS 16.3 and iPadOS 16.3. The quoted original message may be selected from the wrong email when forwarding an email from an Exchange account.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-23498
CVE-2023-23505A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Monterey 12.6.3, macOS Ventura 13.2, watchOS 9.3, macOS Big Sur 11.7.3, iOS 15.7.3 and iPadOS 15.7.3, iOS 16.3 and iPadOS 16.3. An app may be able to access information about a user’s contacts.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-23505
CVE-2023-23523A logic issue was addressed with improved restrictions. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-23523
CVE-2023-23541A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.4 and iPadOS 16.4. An app may be able to access information about a user’s contacts.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-23541
CVE-2023-27928A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 and iPadOS 15.7.4, tvOS 16.4, watchOS 9.4, macOS Big Sur 11.7.5. An app may be able to access information about a user’s contacts.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-27928
CVE-2023-28194The issue was addressed with improved checks. This issue is fixed in iOS 16.4 and iPadOS 16.4. An app may be able to unexpectedly create a bookmark on the Home Screen.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-28194
CVE-2023-32386A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An app may be able to observe unprotected user data.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-32386
CVE-2023-3614Mattermost fails to properly validate a gif image file, allowing an attacker to consume a significant amount of server resources, making the server unresponsive for an extended period of time by linking to specially crafted image file.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-3614
CVE-2023-32712In Splunk Enterprise versions below 9.1.0.2, 9.0.5.1, and 8.2.11.2, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk log files that, when a vulnerable terminal application reads them, can potentially result in possible code execution in the vulnerable application. This attack requires a user to use a terminal application that supports the translation of ANSI escape codes, to read the malicious log file locally in the vulnerable terminal, and to perform additional user interaction to exploit.  The vulnerability does not affect Splunk Cloud Platform instances. The vulnerability does not directly affect Splunk Enterprise. The indirect impact on the Splunk Enterprise instance can vary significantly depending on the permissions in the vulnerable terminal application and where and how the user reads the malicious log file. For example, users can copy the malicious file from the Splunk Enterprise instance and read it on their local machine.3.1https://nvd.nist.gov/vuln/detail/CVE-2023-32712
CVE-2023-3584Mattermost fails to properly check the authorization of POST /api/v4/teams when passing a team override scheme ID in the request, allowing an authenticated attacker with knowledge of a Team Override Scheme ID to create a new team with said team override scheme.3.1https://nvd.nist.gov/vuln/detail/CVE-2023-3584
CVE-2023-22006Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22006
CVE-2023-22052Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.19 and 21.3-21.10. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data. CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22052
CVE-2023-3674A flaw was found in the keylime attestation verifier, which fails to flag a device's submitted TPM quote as faulty when the quote's signature does not validate for some reason. Instead, it will only emit an error in the log without flagging the device as untrusted.2.8https://nvd.nist.gov/vuln/detail/CVE-2023-3674
CVE-2023-3587Mattermost fails to properly show information in the UI, allowing a system admin to modify a board state allowing any user with a valid sharing link to join the board with editor access, without the UI showing the updated permissions.2.7https://nvd.nist.gov/vuln/detail/CVE-2023-3587
CVE-2023-3299HashiCorp Nomad Enterprise 1.2.11 up to 1.5.6, and 1.4.10 ACL policies using a block without a label generates unexpected results. Fixed in 1.6.0, 1.5.7, and 1.4.11.2.7https://nvd.nist.gov/vuln/detail/CVE-2023-3299
CVE-2023-37361 | REDCap 12.0.26 LTS and 12.3.2 Standard allows SQL Injection via scheduling, repeatforms, purpose, app_title, or randomization. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-37361
CVE-2023-32365 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.6 and iPadOS 15.7.6, iOS 16.5 and iPadOS 16.5. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32365
CVE-2023-32390 | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, macOS Ventura 13.4. Photos belonging to the Hidden Photos Album could be viewed without authentication through Visual Lookup. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32390
CVE-2023-32394 | The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32394
CVE-2023-32417 | This issue was addressed by restricting options offered on a locked device. This issue is fixed in watchOS 9.5. An attacker with physical access to a locked Apple Watch may be able to view user photos or contacts via accessibility features. | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32417
CVE-2023-22010 | Vulnerability in Oracle Essbase (component: Security and Provisioning). The supported version that is affected is 21.4.3.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Essbase accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22010
CVE-2008-1145 | Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access arbitrary files via (1) "..%5c" (encoded backslash) sequences or (2) filenames that match patterns in the :NondisclosureName option. | https://nvd.nist.gov/vuln/detail/CVE-2008-1145
CVE-2008-2383 | CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. | https://nvd.nist.gov/vuln/detail/CVE-2008-2383
CVE-2009-4492 | WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. | https://nvd.nist.gov/vuln/detail/CVE-2009-4492
CVE-2011-4077 | Buffer overflow in the xfs_readlink function in fs/xfs/xfs_vnodeops.c in XFS in the Linux kernel 2.6, when CONFIG_XFS_DEBUG is disabled, allows local users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an XFS image containing a symbolic link with a long pathname. | https://nvd.nist.gov/vuln/detail/CVE-2011-4077
CVE-2012-0056 | The mem_write function in the Linux kernel before 3.2.2, when ASLR is disabled, does not properly check permissions when writing to /proc/<pid>/mem, which allows local users to gain privileges by modifying process memory, as demonstrated by Mempodipper. | https://nvd.nist.gov/vuln/detail/CVE-2012-0056
CVE-2023-34434 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 . | https://nvd.nist.gov/vuln/detail/CVE-2023-34434
CVE-2023-35088 | Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198 | https://nvd.nist.gov/vuln/detail/CVE-2023-35088
CVE-2023-37895 | Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend to disable RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabled: RMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like "netstat" can be used to check. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control. Turning off RMI: Find web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet: `<servlet> <servlet-name>RMI</servlet-name> <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class> </servlet> <servlet-mapping> <servlet-name>RMI</servlet-name> <url-pattern>/rmi</url-pattern> </servlet-mapping>`. Find the bootstrap.properties file (in $REPOSITORY_HOME), and set `rmi.enabled=false` and also remove `rmi.host`, `rmi.port`, `rmi.url-pattern`. If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained. | https://nvd.nist.gov/vuln/detail/CVE-2023-37895
CVE-2023-38435 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. | https://nvd.nist.gov/vuln/detail/CVE-2023-38435
CVE-2023-2626 | There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Affected devices have been mitigated through an automatic update beyond the affected range. | https://nvd.nist.gov/vuln/detail/CVE-2023-2626
CVE-2023-34235 | Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to another table they want to query, the query changes from `password` to `t1.password`. `password` is protected by filtering protections but `t1.password` is not protected. This can lead to filtering attacks on everything related to the object again, including admin passwords and reset-tokens. Version 4.10.8 fixes this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-34235
CVE-2023-35929 | Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force a victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix. | https://nvd.nist.gov/vuln/detail/CVE-2023-35929
CVE-2023-35941 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in which the HMAC payload can always be valid in the OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | https://nvd.nist.gov/vuln/detail/CVE-2023-35941
CVE-2023-35942 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update. | https://nvd.nist.gov/vuln/detail/CVE-2023-35942
CVE-2023-35943 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders` and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. | https://nvd.nist.gov/vuln/detail/CVE-2023-35943
CVE-2023-35944 | Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-35944
CVE-2023-35980 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | https://nvd.nist.gov/vuln/detail/CVE-2023-35980
CVE-2023-35981 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | https://nvd.nist.gov/vuln/detail/CVE-2023-35981
CVE-2023-35982 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | https://nvd.nist.gov/vuln/detail/CVE-2023-35982
CVE-2023-36806 | Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users. | https://nvd.nist.gov/vuln/detail/CVE-2023-36806
CVE-2023-36826 | Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher. | https://nvd.nist.gov/vuln/detail/CVE-2023-36826
CVE-2023-39128 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c. | https://nvd.nist.gov/vuln/detail/CVE-2023-39128
CVE-2023-39129 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c. | https://nvd.nist.gov/vuln/detail/CVE-2023-39129
CVE-2023-39130 | GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c. | https://nvd.nist.gov/vuln/detail/CVE-2023-39130
CVE-2020-35698 | Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is being used by many to host their online courses using the Thinkific Platform. The attack vector is: To exploit the vulnerability any user has to just visit the link - https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E. Thinkific is a Website based Learning Platform Product which is used by thousands of users worldwide. There is a Cross Site Scripting (XSS) based vulnerability in the code of the CMS where any attacker can execute a XSS attack. Proof of Concept & Steps to Reproduce: Step 1: Go to Google.com. Step 2: Search for this Dork site:thinkific.com -www. Step 3: You will get a list of websites which are running on the thinkific domains. Step 4: Create account and signin in any of the website. Step 5: Add this endpoint at the end of the domain and you will see that there is a XSS Alert /account/billing?success=%E2%80%AA--redacted--. Step 6: Choose any domains from google for any website this exploit will work on all the websites as it is a code based flaw in the CMS. Step 7: Thousands of websites are vulnerable due to this vulnerable code in the CMS itself which is giving rise to the XSS attack. | https://nvd.nist.gov/vuln/detail/CVE-2020-35698
CVE-2022-31458 | RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. | https://nvd.nist.gov/vuln/detail/CVE-2022-31458
CVE-2022-46902 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | https://nvd.nist.gov/vuln/detail/CVE-2022-46902
CVE-2023-37460 | Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist, the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later, `Files.newOutputStream()`, which follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-37460
CVE-2023-37677 | Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-37677
CVE-2023-37902 | Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-37902
CVE-2023-37907 | Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-37907
CVE-2023-37919 | Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist. | https://nvd.nist.gov/vuln/detail/CVE-2023-37919
CVE-2023-37920 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | https://nvd.nist.gov/vuln/detail/CVE-2023-37920
CVE-2023-38493 | Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-38493
CVE-2023-38499 | TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem. | https://nvd.nist.gov/vuln/detail/CVE-2023-38499
CVE-2023-38500 | TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem. | https://nvd.nist.gov/vuln/detail/CVE-2023-38500
CVE-2022-31457 | RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/. | https://nvd.nist.gov/vuln/detail/CVE-2022-31457
CVE-2023-38496 | Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup; therefore subsequent functions are called with root privileges. The attack surface is rather limited for users, but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1. | https://nvd.nist.gov/vuln/detail/CVE-2023-38496
CVE-2023-38501 | copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one has inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-38501
CVE-2023-38502 | TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-38502
CVE-2023-3945 | A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-3945
CVE-2023-38503 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription, resulting in unauthorized users getting events on their subscription which they should not be receiving according to the permissions. This can be any collection, but out of the box the `directus_users` collection is configured with such a permissions filter, allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions. | https://nvd.nist.gov/vuln/detail/CVE-2023-38503
CVE-2023-2640 | On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | https://nvd.nist.gov/vuln/detail/CVE-2023-2640
CVE-2023-32629 | Local privilege escalation vulnerability in Ubuntu kernels: overlayfs ovl_copy_up_meta_inode_data skips permission checks when calling ovl_do_setxattr on Ubuntu kernels. | https://nvd.nist.gov/vuln/detail/CVE-2023-32629
CVE-2022-2502 | A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function. | https://nvd.nist.gov/vuln/detail/CVE-2022-2502
CVE-2022-4608 | A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow. | https://nvd.nist.gov/vuln/detail/CVE-2022-4608
CVE-2023-20891 | The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | https://nvd.nist.gov/vuln/detail/CVE-2023-20891
CVE-2023-3946 | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. | https://nvd.nist.gov/vuln/detail/CVE-2023-3946
CVE-2023-1401 | An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross site cookies on redirect during authorization. | https://nvd.nist.gov/vuln/detail/CVE-2023-1401
CVE-2023-32468 | Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data. | https://nvd.nist.gov/vuln/detail/CVE-2023-32468
CVE-2023-38433 | Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007. | https://nvd.nist.gov/vuln/detail/CVE-2023-38433
CVE-2023-38555 | Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-38555
CVE-2023-38647 | An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run in Helix REST start and Workflow creation. Affects all versions up to and including 1.2.0. Affected products: helix-core, helix-rest. Mitigation: Short term, stop using any YAML based configuration and workflow creation. Long term, bump all Helix versions up to 1.3.0. | https://nvd.nist.gov/vuln/detail/CVE-2023-38647
CVE-2023-28130 | Local user may lead to privilege escalation using Gaia Portal hostnames page. | https://nvd.nist.gov/vuln/detail/CVE-2023-28130
CVE-2023-39261 | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions. | https://nvd.nist.gov/vuln/detail/CVE-2023-39261
CVE-2022-43710 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields. | https://nvd.nist.gov/vuln/detail/CVE-2022-43710
CVE-2022-43711 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | https://nvd.nist.gov/vuln/detail/CVE-2022-43711
CVE-2022-43712POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for uses that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965.https://nvd.nist.gov/vuln/detail/CVE-2022-43712
CVE-2022-43713Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed.https://nvd.nist.gov/vuln/detail/CVE-2022-43713
CVE-2023-23843 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | https://nvd.nist.gov/vuln/detail/CVE-2023-23843
CVE-2023-26859 | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allow a remote attacker to gain privileges via the ajaxOrderTracking.php component. | https://nvd.nist.gov/vuln/detail/CVE-2023-26859
CVE-2023-26911 | ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-26911
CVE-2023-33224 | The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33224
CVE-2023-33225 | The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33225
CVE-2023-39151 | Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents. | https://nvd.nist.gov/vuln/detail/CVE-2023-39151
CVE-2023-23842 | The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands. | https://nvd.nist.gov/vuln/detail/CVE-2023-23842
CVE-2023-33229 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | https://nvd.nist.gov/vuln/detail/CVE-2023-33229
CVE-2023-3622 | Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource. | https://nvd.nist.gov/vuln/detail/CVE-2023-3622
CVE-2023-30577 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | https://nvd.nist.gov/vuln/detail/CVE-2023-30577
CVE-2023-30949 | A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks. | https://nvd.nist.gov/vuln/detail/CVE-2023-30949
CVE-2023-3242 | Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions. This issue affects B&R Automation Runtime: <G4.93. | https://nvd.nist.gov/vuln/detail/CVE-2023-3242
CVE-2023-3442 | A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | https://nvd.nist.gov/vuln/detail/CVE-2023-3442
CVE-2023-31465 | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server. | https://nvd.nist.gov/vuln/detail/CVE-2023-31465
CVE-2023-31466 | An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code. | https://nvd.nist.gov/vuln/detail/CVE-2023-31466
CVE-2023-37623 | Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | https://nvd.nist.gov/vuln/detail/CVE-2023-37623
CVE-2023-37624 | Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | https://nvd.nist.gov/vuln/detail/CVE-2023-37624
CVE-2023-30367 | Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | https://nvd.nist.gov/vuln/detail/CVE-2023-30367
CVE-2023-32001 | libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU race condition problem. By exploiting this flaw, an attacker could trick the victim to create or overwrite protected files holding this data in ways it was not intended to. | https://nvd.nist.gov/vuln/detail/CVE-2023-32001
CVE-2023-37692 | An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file. | https://nvd.nist.gov/vuln/detail/CVE-2023-37692
CVE-2023-37732 | Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file. | https://nvd.nist.gov/vuln/detail/CVE-2023-37732
CVE-2023-38285 | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | https://nvd.nist.gov/vuln/detail/CVE-2023-38285
CVE-2023-28013 | HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | https://nvd.nist.gov/vuln/detail/CVE-2023-28013
CVE-2023-28012 | HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server. | https://nvd.nist.gov/vuln/detail/CVE-2023-28012
CVE-2023-28014 | HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application. | https://nvd.nist.gov/vuln/detail/CVE-2023-28014
CVE-2023-32381 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-32381
CVE-2023-32433 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-32433
CVE-2023-32437 | The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox. | https://nvd.nist.gov/vuln/detail/CVE-2023-32437
CVE-2023-35983 | This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | https://nvd.nist.gov/vuln/detail/CVE-2023-35983
CVE-2023-36854 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-36854
CVE-2023-36862 | A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location. | https://nvd.nist.gov/vuln/detail/CVE-2023-36862
CVE-2023-37450 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | https://nvd.nist.gov/vuln/detail/CVE-2023-37450
CVE-2023-38133 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. | https://nvd.nist.gov/vuln/detail/CVE-2023-38133
CVE-2023-32443 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | https://nvd.nist.gov/vuln/detail/CVE-2023-32443
CVE-2023-32734 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-32734
CVE-2023-35993 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-35993
CVE-2023-38136 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-38136
CVE-2023-38258 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | https://nvd.nist.gov/vuln/detail/CVE-2023-38258
CVE-2023-38259 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data. | https://nvd.nist.gov/vuln/detail/CVE-2023-38259
CVE-2023-38261 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-38261
CVE-2023-38421 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory. | https://nvd.nist.gov/vuln/detail/CVE-2023-38421
CVE-2023-38424 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-38424
CVE-2023-38425 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-38425
CVE-2023-38564 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | https://nvd.nist.gov/vuln/detail/CVE-2023-38564
CVE-2023-38565 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-38565
CVE-2023-38572 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. | https://nvd.nist.gov/vuln/detail/CVE-2023-38572
CVE-2023-38580 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-38580
CVE-2023-38593 | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service. | https://nvd.nist.gov/vuln/detail/CVE-2023-38593
CVE-2023-38595 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-38595
CVE-2023-38600 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-38600
CVE-2023-38602 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system. | https://nvd.nist.gov/vuln/detail/CVE-2023-38602
CVE-2023-38603 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service. | https://nvd.nist.gov/vuln/detail/CVE-2023-38603
CVE-2023-38608 | The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data. | https://nvd.nist.gov/vuln/detail/CVE-2023-38608
CVE-2023-38611 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-38611
CVE-2023-32450 | Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | https://nvd.nist.gov/vuln/detail/CVE-2023-32450
CVE-2023-3969 | A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568. | https://nvd.nist.gov/vuln/detail/CVE-2023-3969
CVE-2023-3970 | A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-3970
CVE-2023-37980 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37980
CVE-2023-37981 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37981
CVE-2023-37993 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37993
CVE-2023-38512 | Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-38512
CVE-2023-37894 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37894
CVE-2023-37970 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37970
CVE-2023-37975 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37975
CVE-2023-37976 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37976
CVE-2023-37977 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37977
CVE-2023-37979 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37979
CVE-2023-38488 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don't allow write access for untrusted users or visitors. A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn't intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage. Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby's KirbyData format where each field is separated by newlines and a line with four dashes (`----`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator. When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `--\xEF\xBB\xBF--`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files. Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. Fields that are defined below the vulnerable field override the injected field content and were therefore already protected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files. | https://nvd.nist.gov/vuln/detail/CVE-2023-38488
CVE-2023-38489 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory, it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser, the attacker would not be reliably prevented from accessing the Kirby site as the affected user. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login, the session is invalidated. To enforce this fix even if the vulnerability was previously abused, all users are logged out from the Kirby site after updating to one of the patched releases. | https://nvd.nist.gov/vuln/detail/CVE-2023-38489
CVE-2023-38490 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods. XML External Entities (XXE) is a little used feature in the XML markup language that allows to include data from external files in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF). Kirby's `Xml::parse()` method used PHP's `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is used in the `Xml` data handler (e.g. `Data::decode($string, 'xml')`). Both the vulnerable method and the data handler are not used in the Kirby core. However they may be used in site or plugin code, e.g. to parse RSS feeds or other XML files. If those files are of an external origin (e.g. uploaded by a user or retrieved from an external URL), attackers may be able to include an external entity in the XML file that will then be processed in the parsing process. Kirby sites that don't use XML parsing in site or plugin code are *not* affected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have removed the `LIBXML_NOENT` constant as processing of external entities is out of scope of the parsing logic. This protects all uses of the method against the described vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-38490
CVE-2023-3973 | Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-3973
CVE-2023-3974 | OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | https://nvd.nist.gov/vuln/detail/CVE-2023-3974
CVE-2023-3975 | OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | https://nvd.nist.gov/vuln/detail/CVE-2023-3975
CVE-2023-37900 | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistent nature of the controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0. | https://nvd.nist.gov/vuln/detail/CVE-2023-37900
CVE-2023-38491 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Kirby sites are not affected if they don't allow file uploads for untrusted users or visitors or if the file extensions of uploaded files are limited to a fixed safe list. The attack requires user interaction by another user or visitor and cannot be automated. An editor with write access to the Kirby Panel could upload a file with an unknown file extension like `.xyz` that contains HTML code including harmful content like `<script>` tags. The direct link to that file could be sent to other users or visitors of the site. If the victim opened that link in a browser where they are logged in to Kirby and the file had not been opened by anyone since the upload, Kirby would not be able to send the correct MIME content type, instead falling back to `text/html`. The browser would then run the script, which could for example trigger requests to Kirby's API with the permissions of the victim. The issue was caused by the underlying `Kirby\Http\Response::file()` method, which didn't have an explicit fallback if the MIME type could not be determined from the file extension. If you use this method in site or plugin code, these uses may be affected by the same vulnerability. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected method to use a fallback MIME type of `text/plain` and set the `X-Content-Type-Options: nosniff` header if the MIME type of the file is unknown. | https://nvd.nist.gov/vuln/detail/CVE-2023-38491
CVE-2023-38492 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities. Kirby's authentication endpoint did not limit the password length. This allowed attackers to provide a password with a length up to the server's maximum request body length. Validating that password against the user's actual password requires hashing the provided password, which requires more CPU and memory resources (and therefore processing time) the longer the provided password gets. This could be abused by an attacker to cause the website to become unresponsive or unavailable. Because Kirby comes with a built-in brute force protection, the impact of this vulnerability is limited to 10 failed logins from each IP address and 10 failed logins for each existing user per hour. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have added password length limits in the affected code so that passwords longer than 1000 bytes are immediately blocked, both when setting a password and when logging in. | https://nvd.nist.gov/vuln/detail/CVE-2023-38492
CVE-2021-36580 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | https://nvd.nist.gov/vuln/detail/CVE-2021-36580
CVE-2023-36941 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields. | https://nvd.nist.gov/vuln/detail/CVE-2023-36941
CVE-2022-31200 | Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | https://nvd.nist.gov/vuln/detail/CVE-2022-31200
CVE-2023-38495 | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0. As a workaround, only use images from trusted sources and keep Package editing/creating privileges to administrators only. | https://nvd.nist.gov/vuln/detail/CVE-2023-38495
CVE-2023-38504 | Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client. | https://nvd.nist.gov/vuln/detail/CVE-2023-38504
CVE-2023-38505 | DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections. | https://nvd.nist.gov/vuln/detail/CVE-2023-38505
CVE-2023-38510 | Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1. | https://nvd.nist.gov/vuln/detail/CVE-2023-38510
CVE-2023-3980 | Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. | https://nvd.nist.gov/vuln/detail/CVE-2023-3980
CVE-2023-3981 | Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2. | https://nvd.nist.gov/vuln/detail/CVE-2023-3981
CVE-2023-3982 | Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. | https://nvd.nist.gov/vuln/detail/CVE-2023-3982
CVE-2020-22623Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2020-22623
CVE-2023-36942A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field.https://nvd.nist.gov/vuln/detail/CVE-2023-36942
CVE-2023-23764An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.https://nvd.nist.gov/vuln/detail/CVE-2023-23764
CVE-2023-33742TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe.https://nvd.nist.gov/vuln/detail/CVE-2023-33742
CVE-2023-33743TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available.https://nvd.nist.gov/vuln/detail/CVE-2023-33743
CVE-2023-33744TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671.https://nvd.nist.gov/vuln/detail/CVE-2023-33744
CVE-2023-33745TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password).https://nvd.nist.gov/vuln/detail/CVE-2023-33745
CVE-2022-43701When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code.https://nvd.nist.gov/vuln/detail/CVE-2022-43701
CVE-2022-43702When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code.https://nvd.nist.gov/vuln/detail/CVE-2022-43702
CVE-2022-43703An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files.https://nvd.nist.gov/vuln/detail/CVE-2022-43703
CVE-2023-3774An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.https://nvd.nist.gov/vuln/detail/CVE-2023-3774
CVE-2022-31454Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books.https://nvd.nist.gov/vuln/detail/CVE-2022-31454
CVE-2023-38331Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.https://nvd.nist.gov/vuln/detail/CVE-2023-38331
CVE-2023-3984A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to SQL injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3984
CVE-2023-28203The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.https://nvd.nist.gov/vuln/detail/CVE-2023-28203
CVE-2023-32427This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.https://nvd.nist.gov/vuln/detail/CVE-2023-32427
CVE-2023-32444A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.https://nvd.nist.gov/vuln/detail/CVE-2023-32444
CVE-2023-32445This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack.https://nvd.nist.gov/vuln/detail/CVE-2023-32445
CVE-2023-32654A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user.https://nvd.nist.gov/vuln/detail/CVE-2023-32654
CVE-2023-34425The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-34425
CVE-2023-36495An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-36495
CVE-2023-37285An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-37285
CVE-2023-38571This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.https://nvd.nist.gov/vuln/detail/CVE-2023-38571
CVE-2023-38590A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.https://nvd.nist.gov/vuln/detail/CVE-2023-38590
CVE-2023-38592A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.https://nvd.nist.gov/vuln/detail/CVE-2023-38592
CVE-2023-38598A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-38598
CVE-2023-38599A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information.https://nvd.nist.gov/vuln/detail/CVE-2023-38599
CVE-2023-38601This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.https://nvd.nist.gov/vuln/detail/CVE-2023-38601
CVE-2023-38604An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-38604
CVE-2023-38609An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.https://nvd.nist.gov/vuln/detail/CVE-2023-38609
CVE-2023-3985A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3985
CVE-2023-3986A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607.https://nvd.nist.gov/vuln/detail/CVE-2023-3986
CVE-2023-3987A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608.https://nvd.nist.gov/vuln/detail/CVE-2023-3987
CVE-2023-3988A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3988
CVE-2023-3989A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-3989
CVE-2023-3990A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611.https://nvd.nist.gov/vuln/detail/CVE-2023-3990
CVE-2023-2685A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 https://nvd.nist.gov/vuln/detail/CVE-2023-2685
CVE-2023-31932SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.https://nvd.nist.gov/vuln/detail/CVE-2023-31932
CVE-2023-31933SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.https://nvd.nist.gov/vuln/detail/CVE-2023-31933
CVE-2023-31934Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php.https://nvd.nist.gov/vuln/detail/CVE-2023-31934
CVE-2023-31935Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php.https://nvd.nist.gov/vuln/detail/CVE-2023-31935
CVE-2023-31936SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.https://nvd.nist.gov/vuln/detail/CVE-2023-31936
CVE-2023-31937SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.https://nvd.nist.gov/vuln/detail/CVE-2023-31937
CVE-2023-37467Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.https://nvd.nist.gov/vuln/detail/CVE-2023-37467
CVE-2023-37754PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.https://nvd.nist.gov/vuln/detail/CVE-2023-37754
CVE-2023-38992jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.https://nvd.nist.gov/vuln/detail/CVE-2023-38992
CVE-2023-39010BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.https://nvd.nist.gov/vuln/detail/CVE-2023-39010
CVE-2023-39013Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init.https://nvd.nist.gov/vuln/detail/CVE-2023-39013
CVE-2023-39015webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader.https://nvd.nist.gov/vuln/detail/CVE-2023-39015
CVE-2023-39016bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39016
CVE-2023-39017quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39017
CVE-2023-39018FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39018
CVE-2023-39020stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39020
CVE-2023-39021wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39021
CVE-2023-39022oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39022
CVE-2023-39023university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument.https://nvd.nist.gov/vuln/detail/CVE-2023-39023
CVE-2023-37904Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites.https://nvd.nist.gov/vuln/detail/CVE-2023-37904
CVE-2023-37906Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-37906
CVE-2023-38498Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade.https://nvd.nist.gov/vuln/detail/CVE-2023-38498
CVE-2023-38684Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-38684
CVE-2023-38685Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches.https://nvd.nist.gov/vuln/detail/CVE-2023-38685
CVE-2023-3488Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.https://nvd.nist.gov/vuln/detail/CVE-2023-3488
CVE-2023-38988An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators.https://nvd.nist.gov/vuln/detail/CVE-2023-38988
CVE-2023-3598Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2023-3598
CVE-2021-4316Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2021-4316
CVE-2021-4317Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2021-4317
CVE-2021-4318Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2021-4318
CVE-2021-4319Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2021-4319
CVE-2021-4320Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2021-4320
CVE-2021-4321Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2021-4321
CVE-2021-4322Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2021-4322
CVE-2021-4323Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2021-4323
CVE-2021-4324Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2021-4324
CVE-2022-4906Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4906
CVE-2022-4907Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4907
CVE-2022-4908Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4908
CVE-2022-4909Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2022-4909
CVE-2022-4910Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4910
CVE-2022-4911Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2022-4911
CVE-2022-4912Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4912
CVE-2022-4913Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4913
CVE-2022-4914Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4914
CVE-2022-4915Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4915
CVE-2022-4916Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4916
CVE-2022-4917Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2022-4917
CVE-2022-4918Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4918
CVE-2022-4919Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4919
CVE-2022-4920Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4920
CVE-2022-4921Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2022-4921
CVE-2022-4922Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4922
CVE-2022-4923Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2022-4923
CVE-2022-4924Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2022-4924
CVE-2022-4925Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2022-4925
CVE-2022-4926Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2022-4926
CVE-2023-2311Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)https://nvd.nist.gov/vuln/detail/CVE-2023-2311
CVE-2023-2313Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)https://nvd.nist.gov/vuln/detail/CVE-2023-2313
CVE-2023-2314Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)https://nvd.nist.gov/vuln/detail/CVE-2023-2314
CVE-2023-36542Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.https://nvd.nist.gov/vuln/detail/CVE-2023-36542
CVE-2023-32225Sysaid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.https://nvd.nist.gov/vuln/detail/CVE-2023-32225
CVE-2023-32226Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method.https://nvd.nist.gov/vuln/detail/CVE-2023-32226
CVE-2023-32227Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentialshttps://nvd.nist.gov/vuln/detail/CVE-2023-32227
CVE-2023-37213Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection'https://nvd.nist.gov/vuln/detail/CVE-2023-37213
CVE-2023-37214Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025.https://nvd.nist.gov/vuln/detail/CVE-2023-37214
CVE-2023-37215JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentialshttps://nvd.nist.gov/vuln/detail/CVE-2023-37215
CVE-2023-37216AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device.https://nvd.nist.gov/vuln/detail/CVE-2023-37216
CVE-2023-37217Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancyhttps://nvd.nist.gov/vuln/detail/CVE-2023-37217
CVE-2023-37218Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')https://nvd.nist.gov/vuln/detail/CVE-2023-37218
CVE-2023-37219Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV Filehttps://nvd.nist.gov/vuln/detail/CVE-2023-37219
CVE-2022-43831IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941.https://nvd.nist.gov/vuln/detail/CVE-2022-43831
CVE-2023-35016IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772.https://nvd.nist.gov/vuln/detail/CVE-2023-35016
CVE-2023-35019IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.https://nvd.nist.gov/vuln/detail/CVE-2023-35019
CVE-2023-4005Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5.https://nvd.nist.gov/vuln/detail/CVE-2023-4005
CVE-2023-4006Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16.https://nvd.nist.gov/vuln/detail/CVE-2023-4006
CVE-2023-4007Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.https://nvd.nist.gov/vuln/detail/CVE-2023-4007
CVE-2020-4868IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.https://nvd.nist.gov/vuln/detail/CVE-2020-4868
CVE-2023-22595IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.https://nvd.nist.gov/vuln/detail/CVE-2023-22595
CVE-2023-24971IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976.https://nvd.nist.gov/vuln/detail/CVE-2023-24971
CVE-2022-4888The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actionshttps://nvd.nist.gov/vuln/detail/CVE-2022-4888
CVE-2023-0602The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators.https://nvd.nist.gov/vuln/detail/CVE-2023-0602
CVE-2023-3130The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2023-3130
CVE-2023-3134The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-3134
CVE-2023-3292The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as adminhttps://nvd.nist.gov/vuln/detail/CVE-2023-3292
CVE-2023-3345The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguard sensitive user information, like other users' email addresses, making it possible for any student to leak them via some of the plugin's REST API endpoints.https://nvd.nist.gov/vuln/detail/CVE-2023-3345
CVE-2023-3507The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attackhttps://nvd.nist.gov/vuln/detail/CVE-2023-3507
CVE-2023-3508The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attackshttps://nvd.nist.gov/vuln/detail/CVE-2023-3508
CVE-2023-35861A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC.https://nvd.nist.gov/vuln/detail/CVE-2023-35861
CVE-2023-37647SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37647
CVE-2020-21662SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF.https://nvd.nist.gov/vuln/detail/CVE-2020-21662
CVE-2020-21881Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add.https://nvd.nist.gov/vuln/detail/CVE-2020-21881
CVE-2021-31651Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows a remote attacker to run arbitrary code via the copyright field in copyright settings.https://nvd.nist.gov/vuln/detail/CVE-2021-31651
CVE-2021-31680Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file.https://nvd.nist.gov/vuln/detail/CVE-2021-31680
CVE-2021-31681Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file.https://nvd.nist.gov/vuln/detail/CVE-2021-31681
CVE-2023-33534A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to takeover user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.https://nvd.nist.gov/vuln/detail/CVE-2023-33534
CVE-2023-34635Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page.https://nvd.nist.gov/vuln/detail/CVE-2023-34635
CVE-2023-34644Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows remote attackers to gain escalated privileges via crafted POST request to /cgi-bin/luci/api/auth.https://nvd.nist.gov/vuln/detail/CVE-2023-34644
CVE-2023-34842Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php.https://nvd.nist.gov/vuln/detail/CVE-2023-34842
CVE-2023-34872A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.https://nvd.nist.gov/vuln/detail/CVE-2023-34872
CVE-2023-35791Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-35791
CVE-2023-35792Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS).https://nvd.nist.gov/vuln/detail/CVE-2023-35792
CVE-2023-38303An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-38303
CVE-2023-38304An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.https://nvd.nist.gov/vuln/detail/CVE-2023-38304
CVE-2023-38305An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed.https://nvd.nist.gov/vuln/detail/CVE-2023-38305
CVE-2023-38306An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code.https://nvd.nist.gov/vuln/detail/CVE-2023-38306
CVE-2023-38307An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.https://nvd.nist.gov/vuln/detail/CVE-2023-38307
CVE-2023-38308An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.https://nvd.nist.gov/vuln/detail/CVE-2023-38308
CVE-2023-38309An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser.https://nvd.nist.gov/vuln/detail/CVE-2023-38309
CVE-2023-38310An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.https://nvd.nist.gov/vuln/detail/CVE-2023-38310
CVE-2023-38311An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.https://nvd.nist.gov/vuln/detail/CVE-2023-38311
CVE-2020-36763Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.https://nvd.nist.gov/vuln/detail/CVE-2020-36763
CVE-2023-34916Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java.https://nvd.nist.gov/vuln/detail/CVE-2023-34916
CVE-2023-34917Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java.https://nvd.nist.gov/vuln/detail/CVE-2023-34917
CVE-2023-37580Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.https://nvd.nist.gov/vuln/detail/CVE-2023-37580
CVE-2023-37771Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37771
CVE-2023-38750In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.https://nvd.nist.gov/vuln/detail/CVE-2023-38750
CVE-2023-3817Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-3817
CVE-2023-3997Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action.https://nvd.nist.gov/vuln/detail/CVE-2023-3997
CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-4004
CVE-2023-4010A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-4010
CVE-2023-38989An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information.https://nvd.nist.gov/vuln/detail/CVE-2023-38989
CVE-2023-3983An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.https://nvd.nist.gov/vuln/detail/CVE-2023-3983
CVE-2022-42182Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal.https://nvd.nist.gov/vuln/detail/CVE-2022-42182
CVE-2022-42183Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF).https://nvd.nist.gov/vuln/detail/CVE-2022-42183
CVE-2023-39122BMC Control-M Software v9.0.20.200 was discovered to contain a SQL injection vulnerability via the report-id parameter at /report/deleteReport.https://nvd.nist.gov/vuln/detail/CVE-2023-39122
CVE-2023-3462HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.https://nvd.nist.gov/vuln/detail/CVE-2023-3462
CVE-2023-3825PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.https://nvd.nist.gov/vuln/detail/CVE-2023-3825
CVE-2023-37496HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2023-37496
CVE-2023-37772Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.https://nvd.nist.gov/vuln/detail/CVE-2023-37772
CVE-2023-4033OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4033
CVE-2020-10962In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access.https://nvd.nist.gov/vuln/detail/CVE-2020-10962
CVE-2023-34960A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name.https://nvd.nist.gov/vuln/detail/CVE-2023-34960
CVE-2023-36983LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.https://nvd.nist.gov/vuln/detail/CVE-2023-36983
CVE-2023-36984LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.https://nvd.nist.gov/vuln/detail/CVE-2023-36984
CVE-2023-26139Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.https://nvd.nist.gov/vuln/detail/CVE-2023-26139
CVE-2023-23548Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30.https://nvd.nist.gov/vuln/detail/CVE-2023-23548
CVE-2023-32302Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13.https://nvd.nist.gov/vuln/detail/CVE-2023-32302
CVE-2023-37478pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8.https://nvd.nist.gov/vuln/detail/CVE-2023-37478
CVE-2022-39986A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.https://nvd.nist.gov/vuln/detail/CVE-2022-39986
CVE-2022-39987A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.https://nvd.nist.gov/vuln/detail/CVE-2022-39987
CVE-2023-31710TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow.https://nvd.nist.gov/vuln/detail/CVE-2023-31710
CVE-2023-34634Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened.https://nvd.nist.gov/vuln/detail/CVE-2023-34634
CVE-2023-39108rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.https://nvd.nist.gov/vuln/detail/CVE-2023-39108
CVE-2023-39109rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.https://nvd.nist.gov/vuln/detail/CVE-2023-39109
CVE-2023-39110rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.https://nvd.nist.gov/vuln/detail/CVE-2023-39110
CVE-2023-38357Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.https://nvd.nist.gov/vuln/detail/CVE-2023-38357
CVE-2023-4045Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4045
CVE-2023-4046In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4046
CVE-2023-4047A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4047
CVE-2023-4048An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4048
CVE-2023-4049Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4049
CVE-2023-4050In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4050
CVE-2023-4051A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.https://nvd.nist.gov/vuln/detail/CVE-2023-4051
CVE-2023-4052The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4052
CVE-2023-4053A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.https://nvd.nist.gov/vuln/detail/CVE-2023-4053
CVE-2023-4054When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4054
CVE-2023-4055When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4055
CVE-2023-4056Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4056
CVE-2023-4057Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116 and Firefox ESR < 115.1.https://nvd.nist.gov/vuln/detail/CVE-2023-4057
CVE-2023-4058Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116.https://nvd.nist.gov/vuln/detail/CVE-2023-4058
CVE-2023-33493An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions.https://nvd.nist.gov/vuln/detail/CVE-2023-33493
CVE-2023-36210MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-36210
CVE-2023-36211The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.https://nvd.nist.gov/vuln/detail/CVE-2023-36211
CVE-2023-38559A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.https://nvd.nist.gov/vuln/detail/CVE-2023-38559
CVE-2023-38560 | An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. | https://nvd.nist.gov/vuln/detail/CVE-2023-38560
CVE-2023-34551 | In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote). | https://nvd.nist.gov/vuln/detail/CVE-2023-34551
CVE-2023-34552 | In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. | https://nvd.nist.gov/vuln/detail/CVE-2023-34552
CVE-2023-39147 | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | https://nvd.nist.gov/vuln/detail/CVE-2023-39147
CVE-2023-20583 | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | https://nvd.nist.gov/vuln/detail/CVE-2023-20583
CVE-2023-3718 | An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX. | https://nvd.nist.gov/vuln/detail/CVE-2023-3718
CVE-2023-31425 | A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | https://nvd.nist.gov/vuln/detail/CVE-2023-31425
CVE-2023-31429 | Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal. | https://nvd.nist.gov/vuln/detail/CVE-2023-31429
CVE-2023-31426 | The Brocade Fabric OS commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | https://nvd.nist.gov/vuln/detail/CVE-2023-31426
CVE-2023-31427 | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c, and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | https://nvd.nist.gov/vuln/detail/CVE-2023-31427
CVE-2023-33560 | There is a Cross Site Scripting (XSS) vulnerability in the "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-33560
CVE-2023-33561 | Improper input validation of the password parameter in PHP Jabbers Time Slots Booking Calendar v3.3 results in insecure passwords. | https://nvd.nist.gov/vuln/detail/CVE-2023-33561
CVE-2023-33562 | User enumeration is found in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | https://nvd.nist.gov/vuln/detail/CVE-2023-33562
CVE-2023-33563 | In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | https://nvd.nist.gov/vuln/detail/CVE-2023-33563
CVE-2023-33564 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-33564
CVE-2023-34869 | PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | https://nvd.nist.gov/vuln/detail/CVE-2023-34869
CVE-2023-36118 | Cross Site Scripting vulnerability in Faculty Evaulation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter. | https://nvd.nist.gov/vuln/detail/CVE-2023-36118
CVE-2023-36351 | An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component. | https://nvd.nist.gov/vuln/detail/CVE-2023-36351
CVE-2023-3107 | A set of carefully crafted IPv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service. | https://nvd.nist.gov/vuln/detail/CVE-2023-3107
CVE-2023-3494 | The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process. | https://nvd.nist.gov/vuln/detail/CVE-2023-3494
CVE-2023-3727 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | https://nvd.nist.gov/vuln/detail/CVE-2023-3727
CVE-2023-3728 | Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | https://nvd.nist.gov/vuln/detail/CVE-2023-3728
CVE-2023-3729 | Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High) | https://nvd.nist.gov/vuln/detail/CVE-2023-3729
CVE-2023-3730 | Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | https://nvd.nist.gov/vuln/detail/CVE-2023-3730
CVE-2023-3731 | Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | https://nvd.nist.gov/vuln/detail/CVE-2023-3731
CVE-2023-3732 | Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | https://nvd.nist.gov/vuln/detail/CVE-2023-3732
CVE-2023-3733 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2023-3733
CVE-2023-3734 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2023-3734
CVE-2023-3735 | Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2023-3735
CVE-2023-3736 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2023-3736
CVE-2023-3737 | Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2023-3737
CVE-2023-3738 | Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2023-3738
CVE-2023-3739 | Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.98 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low) | https://nvd.nist.gov/vuln/detail/CVE-2023-3739
CVE-2023-3740 | Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low) | https://nvd.nist.gov/vuln/detail/CVE-2023-3740