Security Bulletin 09 Aug 2023

Published on 09 Aug 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2023-38490 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 only affects Kirby sites that use the `Xml` data handler (e.g. `Data::decode($string, 'xml')`) or the `Xml::parse()` method in site or plugin code. The Kirby core does not use any of the affected methods. XML External Entities (XXE) is a little-used feature in the XML markup language that allows data from external files to be included in an XML structure. If the name of the external file can be controlled by an attacker, this becomes a vulnerability that can be abused for various system impacts like the disclosure of internal or confidential data that is stored on the server (arbitrary file disclosure) or to perform network requests on behalf of the server (server-side request forgery, SSRF). Kirby's `Xml::parse()` method used PHP's `LIBXML_NOENT` constant, which enabled the processing of XML external entities during the parsing operation. The `Xml::parse()` method is used in the `Xml` data handler (e.g. `Data::decode($string, 'xml')`). Both the vulnerable method and the data handler are not used in the Kirby core. However they may be used in site or plugin code, e.g. to parse RSS feeds or other XML files. If those files are of an external origin (e.g. uploaded by a user or retrieved from an external URL), attackers may be able to include an external entity in the XML file that will then be processed in the parsing process. Kirby sites that don't use XML parsing in site or plugin code are *not* affected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have removed the `LIBXML_NOENT` constant as processing of external entities is out of scope of the parsing logic. This protects all uses of the method against the described vulnerability. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-38490
CVE-2021-28476 | Windows Hyper-V Remote Code Execution Vulnerability | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-28476
CVE-2023-32231 | An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.818. During installation, binaries get executed out of a subfolder in C:\Windows\Temp. A standard user can create the folder and path file ahead of time and obtain elevated code execution. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32231
CVE-2023-32232 | An issue was discovered in Vasion PrinterLogic Client for Windows before 25.0.0.836. During client installation and repair, a PrinterLogic binary is called by the installer to configure the device. This window is not hidden, and is running with elevated privileges. A standard user can break out of this window, obtaining a full SYSTEM command prompt window. This results in complete compromise via arbitrary SYSTEM code execution (elevation of privileges). | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32232
CVE-2023-3570 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP DELETE request to gain full access to the device. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3570
CVE-2023-3571 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a specific HTTP POST related to certificate operations to gain full access to the device. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3571
CVE-2023-3572 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use an attribute of a specific HTTP POST request related to date/time operations to gain full access to the device. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3572
CVE-2023-3573 | In PHOENIX CONTACT's WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with low privileges may use a command injection in an HTTP POST request related to font configuration operations to gain full access to the device. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3573
CVE-2020-11928 | In the media-library-assistant plugin before 2.82 for WordPress, Remote Code Execution can occur via the tax_query, meta_query, or date_query parameter in mla_gallery via an admin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11928
CVE-2021-31166 | HTTP Protocol Stack Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31166
CVE-2021-44152 | An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not verify authentication or authorization, an unauthenticated user can change the password of any existing user. This allows an attacker to change the password of any known user, thereby preventing valid users from accessing the system and granting the attacker full access to that user's account. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44152
CVE-2021-38578 | Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38578
CVE-2022-24788 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Versions of vyper prior to 0.3.2 suffer from a potential buffer overrun. Importing a function from a JSON interface which returns `bytes` generates bytecode which does not clamp bytes length, potentially resulting in a buffer overrun. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24788
CVE-2022-24845 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In affected versions, the return of `<iface>.returns_int128()` is not validated to fall within the bounds of `int128`. This issue can result in a misinterpretation of the integer value and lead to incorrect behavior. As of v0.3.0, `<iface>.returns_int128()` is validated in simple expressions, but not complex expressions. Users are advised to upgrade. There is no known workaround for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24845
CVE-2022-0885 | The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0885
CVE-2022-28171 | The web module in some Hikvision Hybrid SAN/Cluster Storage products has the following security vulnerability. Due to insufficient input validation, an attacker can exploit the vulnerability to execute restricted commands by sending messages with malicious commands to the affected device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28171
CVE-2022-32449 | TOTOLINK EX300_V2 V4.0.3c.7484 was discovered to contain a command injection vulnerability via the langType parameter in the setLanguageCfg function. This vulnerability is exploitable via a crafted MQTT data packet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-32449
CVE-2022-34858 | Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at WordPress. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34858
CVE-2022-27858 | CSV Injection vulnerability in Activity Log Team Activity Log <= 2.8.3 on WordPress. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-27858
CVE-2022-41794 | A heap based buffer overflow vulnerability exists in the PSD thumbnail resource parsing code of OpenImageIO 2.3.19.0. A specially-crafted PSD file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41794
CVE-2022-41837 | An out-of-bounds write vulnerability exists in the OpenImageIO::add_exif_item_to_spec functionality of OpenImageIO Project OpenImageIO v2.4.4.2. Specially-crafted exif metadata can lead to stack-based memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41837
CVE-2022-4557 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Group Arge Energy and Control Systems Smartpower Web allows SQL Injection. This issue affects Smartpower Web: before 23.01.01. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4557
CVE-2023-1803 | Authentication Bypass by Alternate Name vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1803
CVE-2023-1833 | Authentication Bypass by Primary Weakness vulnerability in DTS Electronics Redline Router firmware allows Authentication Bypass. This issue affects Redline Router: before 7.17. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1833
CVE-2023-20873 | In Spring Boot versions 3.0.0 - 3.0.5, 2.7.0 - 2.7.10, and older unsupported versions, an application that is deployed to Cloud Foundry could be susceptible to a security bypass. Users of affected versions should apply the following mitigation: 3.0.x users should upgrade to 3.0.6+. 2.7.x users should upgrade to 2.7.11+. Users of older, unsupported versions should upgrade to 3.0.6+ or 2.7.11+. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20873
CVE-2022-47758 | Nanoleaf firmware v7.1.1 and below is missing TLS verification, allowing attackers to execute arbitrary code via a DNS hijacking attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47758
CVE-2023-2712 | Unrestricted Upload of File with Dangerous Type vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Command Injection, Using Malicious Files, Upload a Web Shell to a Web Server. This issue affects Rental Module: before 23.05.15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2712
CVE-2023-2713 | Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2713
CVE-2023-2882 | Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2882
CVE-2023-2884 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG), Use of Insufficiently Random Values vulnerability in CBOT Chatbot allows Signature Spoofing by Key Recreation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2884
CVE-2023-2887 | Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2887
CVE-2023-33863 | SerialiseValue in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. 0xffffffff is sign-extended to 0xffffffffffffffff (SIZE_MAX) and then there is an attempt to add 1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33863
CVE-2023-33864 | StreamReader::ReadFromExternal in RenderDoc before 1.27 allows an Integer Overflow with a resultant Buffer Overflow. It uses uint32_t(m_BufferSize-m_InputSize) even though m_InputSize can exceed m_BufferSize. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33864
CVE-2023-29402 | The go command may generate unexpected code at build time when using cgo. This may result in unexpected behavior when running a go program which uses cgo. This may occur when running an untrusted module which contains directories with newline characters in their names. Modules which are retrieved using the go command, i.e. via "go get", are not affected (modules retrieved using GOPATH-mode, i.e. GO111MODULE=off, may be affected). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29402
CVE-2023-29404 | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. The arguments for a number of flags which are non-optional are incorrectly considered optional, allowing disallowed flags to be smuggled through the LDFLAGS sanitization. This affects usage of both the gc and gccgo compilers. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29404
CVE-2023-29405 | The go command may execute arbitrary code at build time when using cgo. This may occur when running "go get" on a malicious module, or when running any other command which builds untrusted code. This can be triggered by linker flags, specified via a "#cgo LDFLAGS" directive. Flags containing embedded spaces are mishandled, allowing disallowed flags to be smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This only affects usage of the gccgo compiler. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29405
CVE-2023-29129 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.17.3 < V1.18.0), Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.3.0 < V2.4.0), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.3.1 < V3.6.1), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.3.0 < V3.6.0), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.12/9.18 compatible, New Track) (All versions >= V3.3.1 < V3.3.15), Mendix SAML (Mendix 9.12/9.18 compatible, Upgrade Track) (All versions >= V3.3.0 < V3.3.14), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. This CVE entry describes the incomplete fix for CVE-2023-25957 in a specific non default configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29129
CVE-2023-3048 | Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3048
CVE-2023-3049 | Unrestricted Upload of File with Dangerous Type vulnerability in TMT Lockcell allows Command Injection. This issue affects Lockcell: before 15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3049
CVE-2023-35885 | CloudPanel 2 before 2.3.1 has insecure file-manager cookie authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35885
CVE-2023-28094 | Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28094
CVE-2023-2068 | The File Manager Advanced Shortcode WordPress plugin through 2.3.2 does not adequately prevent uploading files with disallowed MIME types when using the shortcode. This leads to RCE in cases where the allowed MIME type list does not include PHP files. In the worst case, this is available to unauthenticated users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2068
CVE-2023-2601 | The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by admin via CSRF. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2601
CVE-2020-22336 | An issue was discovered in pdfcrack 0.17 through 0.18 that allows attackers to execute arbitrary code via a stack overflow in the MD5 function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-22336
CVE-2023-37151 | Sourcecodester Online Pizza Ordering System v1.0 allows the upload of malicious PHP files resulting in Remote Code Execution (RCE). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37151
CVE-2023-37152 | Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37152
CVE-2023-3696 | Prototype Pollution in GitHub repository automattic/mongoose prior to 7.3.4. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3696
CVE-2023-3519 | Unauthenticated remote code execution | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3519
CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38408
CVE-2023-37292 | Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in HGiga iSherlock 4.5 (iSherlock-user modules), HGiga iSherlock 5.5 (iSherlock-user modules) allows OS Command Injection. This issue affects iSherlock 4.5: before iSherlock-user-4.5-174; iSherlock 5.5: before iSherlock-user-5.5-174. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37292
CVE-2023-35086 | A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by directly using input as a format string when calling syslog in logmessage_normal function, in the do_detwan_cgi module of httpd. An unauthenticated remote attacker without privilege can exploit this vulnerability to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35086
CVE-2023-35087 | A format string vulnerability has been identified in ASUS RT-AX56U V2 & RT-AC86U. This vulnerability is caused by lacking validation for a specific value when calling cm_processChangedConfigMsg in ccm_processREQ_CHANGED_CONFIG function in AiMesh system. An unauthenticated remote attacker can exploit this vulnerability without privilege to perform remote arbitrary code execution, arbitrary system operation or disrupt service. This issue affects RT-AX56U V2: 3.0.0.4.386_50460; RT-AC86U: 3.0.0.4_386_51529. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35087
CVE-2023-35078 | Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allows remote attackers to obtain PII, add an administrative account, and change the configuration because of an authentication bypass, as exploited in the wild in July 2023. A patch is available. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35078
CVE-2023-35088 | Improper Neutralization of Special Elements Used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. In the toAuditCkSql method, the groupId, streamId, auditId, and dt are directly concatenated into the SQL query statement, which may lead to SQL injection attacks. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/8198 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35088
CVE-2023-3548 | An unauthorized user could gain account access to IQ Wifi 6 versions prior to 2.0.2 by conducting a brute force authentication attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3548
CVE-2023-37895 | Java object deserialization issue in Jackrabbit webapp/standalone on all platforms allows attacker to remotely execute code via RMI. Versions up to (including) 2.20.10 (stable branch) and 2.21.17 (unstable branch) use the component "commons-beanutils", which contains a class that can be used for remote code execution over RMI. Users are advised to immediately update to versions 2.20.11 or 2.21.18. Note that earlier stable branches (1.0.x .. 2.18.x) have been EOLd already and do not receive updates anymore. In general, RMI support can expose vulnerabilities by the mere presence of an exploitable class on the classpath. Even if Jackrabbit itself does not contain any code known to be exploitable anymore, adding other components to your server can expose the same type of problem. We therefore recommend disabling RMI access altogether (see further below), and will discuss deprecating RMI support in future Jackrabbit releases. How to check whether RMI support is enabled: RMI support can be over an RMI-specific TCP port, and over an HTTP binding. Both are by default enabled in Jackrabbit webapp/standalone. The native RMI protocol by default uses port 1099. To check whether it is enabled, tools like "netstat" can be used. RMI-over-HTTP in Jackrabbit by default uses the path "/rmi". So when running standalone on port 8080, check whether an HTTP GET request on localhost:8080/rmi returns 404 (not enabled) or 200 (enabled). Note that the HTTP path may be different when the webapp is deployed in a container as non-root context, in which case the prefix is under the user's control. Turning off RMI: Find web.xml (either in JAR/WAR file or in unpacked web application folder), and remove the declaration and the mapping definition for the RemoteBindingServlet: `<servlet> <servlet-name>RMI</servlet-name> <servlet-class>org.apache.jackrabbit.servlet.remote.RemoteBindingServlet</servlet-class> </servlet>` and `<servlet-mapping> <servlet-name>RMI</servlet-name> <url-pattern>/rmi</url-pattern> </servlet-mapping>`. Find the bootstrap.properties file (in $REPOSITORY_HOME), and set `rmi.enabled=false` and also remove `rmi.host`, `rmi.port` and `rmi.url-pattern`. If there is no file named bootstrap.properties in $REPOSITORY_HOME, it is located somewhere in the classpath. In this case, place a copy in $REPOSITORY_HOME and modify it as explained. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37895
CVE-2023-35941 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, a malicious client is able to construct credentials with permanent validity in some specific scenarios. This is caused by some rare scenarios in which the HMAC payload can always be valid in the OAuth2 filter's check. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, avoid wildcards/prefix domain wildcards in the host's domain configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35941
CVE-2023-35980 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35980
CVE-2023-35981 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35981
CVE-2023-35982 | There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of these vulnerabilities results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35982
CVE-2023-37460 | Plexus Archiver is a collection of Plexus components to create archives or extract archives to a directory with a unified `Archiver`/`UnArchiver` API. Prior to version 4.8.0, using AbstractUnArchiver for extracting an archive might lead to an arbitrary file creation and possibly remote code execution. When extracting an archive with an entry that already exists in the destination directory as a symbolic link whose target does not exist, the `resolveFile()` function will return the symlink's source instead of its target, which will pass the verification that ensures the file will not be extracted outside of the destination directory. Later `Files.newOutputStream()`, which follows symlinks by default, will actually write the entry's content to the symlink's target. Whoever uses plexus archiver to extract an untrusted archive is vulnerable to an arbitrary file creation and possibly remote code execution. Version 4.8.0 contains a patch for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37460
CVE-2023-37677 | Pligg CMS v2.0.2 (also known as Kliqqi) was discovered to contain a remote code execution (RCE) vulnerability in the component admin_editor.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37677
CVE-2023-37920 | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37920
CVE-2023-38647 | An attacker can use SnakeYAML to deserialize java.net.URLClassLoader and make it load a JAR from a specified URL, and then deserialize javax.script.ScriptEngineManager to load code using that ClassLoader. This unbounded deserialization can likely lead to remote code execution. The code can be run in Helix REST start and Workflow creation. Affects all versions up to and including 1.2.0. Affected products: helix-core, helix-rest. Mitigation: Short term, stop using any YAML based configuration and workflow creation. Long term, upgrade all Helix versions to 1.3.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38647
CVE-2023-26859 | SQL injection vulnerability found in PrestaShop sendinblue v.4.0.15 and before allows a remote attacker to gain privileges via the ajaxOrderTracking.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26859
CVE-2023-31465 | An issue was discovered in FSMLabs TimeKeeper 8.0.17 through 8.0.28. By intercepting requests from various timekeeper streams, it is possible to find the getsamplebacklog call. Some query parameters are passed directly in the URL and named arg[x], with x an integer starting from 1; it is possible to modify arg[2] to insert Bash code that will be executed directly by the server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31465
CVE-2023-3956 | The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add, modify or delete post and taxonomy, install, activate or deactivate plugin, change customizer settings, add or modify or delete user including administrator user. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3956
CVE-2023-3974 | OS Command Injection in GitHub repository jgraph/drawio prior to 21.4.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3974
CVE-2023-3975 | OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3975
CVE-2023-38495 | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, Crossplane's image backend does not validate the byte contents of Crossplane packages. As such, Crossplane does not detect if an attacker has tampered with a Package. The problem has been fixed in 1.11.5, 1.12.3 and 1.13.0. As a workaround, only use images from trusted sources and keep Package editing/creating privileges to administrators only. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38495
CVE-2023-33743 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Access Control; specifically, Android Debug Bridge (adb) is available. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33743
CVE-2023-33744 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Use of a Hard-coded Password (PIN): 385521, 843646, and 592671. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33744
CVE-2023-33745 | TeleAdapt RoomCast TA-2400 1.0 through 3.1 is vulnerable to Improper Privilege Management: from the shell available after an adb connection, simply entering the su command provides root access (without requiring a password). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33745
CVE-2023-3984 | A vulnerability, which was classified as critical, was found in phpscriptpoint RecipePoint 1.9. This affects an unknown part of the file /recipe-result. The manipulation of the argument text/category/type/difficulty/cuisine/cooking_method leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-235605 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3984
CVE-2023-34425The issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34425
CVE-2023-36495An integer overflow was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36495
CVE-2023-37285An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37285
CVE-2023-38598A use-after-free issue was addressed with improved memory management. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38598
CVE-2023-38604An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38604
CVE-2023-3985A vulnerability has been found in SourceCodester Online Jewelry Store 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-235606 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3985
CVE-2023-3987A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=user/manage_user&id=3. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235608.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3987
CVE-2023-3988A vulnerability was found in Cafe Billing System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Order Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235609 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3988
CVE-2023-37754PowerJob v4.3.3 was discovered to contain a remote command execution (RCE) vulnerability via the instanceId parameter at /instance/detail.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37754
CVE-2023-38992jeecg-boot v3.5.1 was discovered to contain a SQL injection vulnerability via the title parameter at /sys/dict/loadTreeData.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38992
CVE-2023-39010 | BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39010
CVE-2023-39013 | Duke v1.2 and below was discovered to contain a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39013
CVE-2023-39015 | webmagic-extension v0.9.0 and below was discovered to contain a code injection vulnerability via the component us.codecraft.webmagic.downloader.PhantomJSDownloader. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39015
CVE-2023-39016 | bboss-persistent v6.0.9 and below was discovered to contain a code injection vulnerability in the component com.frameworkset.common.poolman.util.SQLManager.createPool. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39016
CVE-2023-39017 | quartz-jobs 2.3.2 and below was discovered to contain a code injection vulnerability in the component org.quartz.jobs.ee.jms.SendQueueMessageJob.execute. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39017
CVE-2023-39018 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39018
CVE-2023-39020 | stanford-parser v3.9.2 and below was discovered to contain a code injection vulnerability in the component edu.stanford.nlp.io.getBZip2PipedInputStream. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39020
CVE-2023-39021 | wix-embedded-mysql v4.6.1 and below was discovered to contain a code injection vulnerability in the component com.wix.mysql.distribution.Setup.apply. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39021
CVE-2023-39022 | oscore v2.2.6 and below was discovered to contain a code injection vulnerability in the component com.opensymphony.util.EJBUtils.createStateless. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39022
CVE-2023-39023 | university compass v2.2.0 and below was discovered to contain a code injection vulnerability in the component org.compass.core.executor.DefaultExecutorManager.configure. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39023
CVE-2023-32227 | Synel SYnergy Fingerprint Terminals - CWE-798: Use of Hard-coded Credentials | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32227
CVE-2023-37213 | Synel SYnergy Fingerprint Terminals - CWE-78: 'OS Command Injection' | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37213
CVE-2023-37214 | Heights Telecom ERO1xS-Pro Dual-Band FW version BZ_ERO1XP.025. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37214
CVE-2023-37215 | JBL soundbar multibeam 5.1 - CWE-798: Use of Hard-coded Credentials | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37215
CVE-2023-4005 | Insufficient Session Expiration in GitHub repository fossbilling/fossbilling prior to 0.5.5. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4005
CVE-2023-4006 | Improper Neutralization of Formula Elements in a CSV File in GitHub repository thorsten/phpmyfaq prior to 3.1.16. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4006
CVE-2023-35861 | A shell-injection vulnerability in email notifications on Supermicro motherboards (such as H12DST-B before 03.10.35) allows remote attackers to inject and execute arbitrary commands as root on the BMC. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35861
CVE-2023-37647 | SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37647
CVE-2020-21662 | SQL injection vulnerability in yunyecms 2.0.2 allows remote attackers to run arbitrary SQL commands via XFF. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21662
CVE-2023-34635 | Wifi Soft Unibox Administration 3.0 and 3.1 is vulnerable to SQL Injection. The vulnerability occurs because of not validating or sanitizing the user input in the username field of the login page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34635
CVE-2023-34644 | Remote code execution vulnerability in Ruijie Networks Product: RG-EW series home routers and repeaters EW_3.0(1)B11P204, RG-NBS and RG-S1930 series switches SWITCH_3.0(1)B11P218, RG-EG series business VPN routers EG_3.0(1)B11P216, EAP and RAP series wireless access points AP_3.0(1)B11P218, NBC series wireless controllers AC_3.0(1)B11P86 allows unauthorized remote attackers to gain the highest privileges via crafted POST request to /cgi-bin/luci/api/auth. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34644
CVE-2023-34842 | Remote Code Execution vulnerability in DedeCMS through 5.7.109 allows remote attackers to run arbitrary code via crafted POST request to /dede/tpl.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34842
CVE-2023-37771 | Art Gallery Management System v1.0 contains a SQL injection vulnerability via the cid parameter at /agms/product.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37771
CVE-2023-39122 | BMC Control-M through 9.0.20.200 allows SQL injection via the /RF-Server/report/deleteReport report-id parameter. This is fixed in 9.0.21 (and is also fixed by a patch for 9.0.20.200). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39122
CVE-2023-34960 | A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11.* up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34960
CVE-2023-37478 | pnpm is a package manager. It is possible to construct a tarball that, when installed via npm or parsed by the registry is safe, but when installed via pnpm is malicious, due to how pnpm parses tar archives. This can result in a package that appears safe on the npm registry or when installed via npm being replaced with a compromised or malicious version when installed via pnpm. This issue has been patched in version(s) 7.33.4 and 8.6.8. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37478
CVE-2022-39986 | A Command injection vulnerability in RaspAP 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39986
CVE-2023-31710 | TP-Link Archer AX21(US)_V3_1.1.4 Build 20230219 and AX21(US)_V3.6_1.1.4 Build 20230219 are vulnerable to Buffer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31710
CVE-2023-34634 | Greenshot 1.2.10 and below allows arbitrary code execution because .NET content is insecurely deserialized when a .greenshot file is opened. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34634
CVE-2023-4056 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, Firefox ESR 102.13, Thunderbird 115.0, and Thunderbird 102.13. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4056
CVE-2023-4057 | Memory safety bugs present in Firefox 115, Firefox ESR 115.0, and Thunderbird 115.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4057
CVE-2023-4058 | Memory safety bugs present in Firefox 115. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 116. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4058
CVE-2023-33493 | An Unrestricted Upload of File with Dangerous Type vulnerability in the Ajaxmanager File and Database explorer (ajaxmanager) module for PrestaShop through 2.3.0, allows remote attackers to upload dangerous files without restrictions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33493
CVE-2023-36210 | MotoCMS Version 3.4.3 Store Category Template was discovered to contain a Server-Side Template Injection (SSTI) vulnerability via the keyword parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36210
CVE-2023-33561 | Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33561
CVE-2023-33562 | User enumeration is found in PHP Jabbers Time Slots Booking Calendar v3.3. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33562
CVE-2023-26443 | Full-text autocomplete search allows user-provided SQL syntax to be injected to SQL statements. With existing sanitization in place, this can be abused to trigger benign SQL Exceptions but could potentially be escalated to a malicious SQL injection vulnerability. We now properly encode single quotes for SQL FULLTEXT queries. No publicly available exploits are known. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26443
CVE-2023-26317 | A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26317
CVE-2022-40609 | IBM SDK, Java Technology Edition 7.1.5.18 and 8.0.8.0 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe deserialization flaw. By sending specially-crafted data, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236069. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40609
CVE-2023-1437 | All versions prior to 9.1.4 of Advantech WebAccess/SCADA are vulnerable to use of untrusted pointers. The RPC arguments the client sent could contain raw memory pointers for the server to use as-is. This could allow an attacker to gain access to the remote file system and the ability to execute commands and overwrite files. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1437
CVE-2023-33371 | Control ID IDSecure 4.7.26.0 and prior uses a hardcoded cryptographic key in order to sign and verify JWT session tokens, allowing attackers to sign arbitrary session tokens and bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33371
CVE-2023-36082 | An issue in GatesAIr Flexiva FM Transmitter/Exiter Fax 150W allows a remote attacker to gain privileges via the LDAP and SMTP credentials. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36082
CVE-2023-38954 | ZKTeco BioAccess IVS v3.3.1 was discovered to contain a SQL injection vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38954
CVE-2023-37679 | A remote command execution (RCE) vulnerability in NextGen Mirth Connect v4.3.0 allows attackers to execute arbitrary commands on the hosting server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37679
CVE-2023-21408 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted user credentials that are used in the integration interface towards 3rd party systems. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21408
CVE-2023-21409 | Due to insufficient file permissions, unprivileged users could gain access to unencrypted administrator credentials allowing the configuration of the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21409
CVE-2023-4008 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to take over GitLab Pages with unique domain URLs if the random string added was known. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4008
CVE-2023-4120 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722 and classified as critical. This issue affects some unknown processing of the file importhtml.php. The manipulation of the argument sql leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4120
CVE-2023-4121 | A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230722. It has been classified as critical. Affected is an unknown function. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4121
CVE-2023-36213 | SQL injection vulnerability in MotoCMS v.3.4.3 allows a remote attacker to gain privileges via the keyword parameter of the search function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36213
CVE-2023-33666 | ai-dev aioptimizedcombinations before v0.1.3 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33666
CVE-2023-38951 | A path traversal vulnerability in ZKTeco BioTime v8.5.5 allows attackers to write arbitrary files via using a malicious SFTP configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38951
CVE-2023-33665 | ai-dev aitable before v0.2.2 was discovered to contain a SQL injection vulnerability via the component /includes/ajax.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33665
CVE-2023-36131 | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36131
CVE-2023-36132 | PHP Jabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36132
CVE-2023-36133 | PHPJabbers Availability Booking Calendar 5.0 is vulnerable to User Account Takeover through username/password change. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36133
CVE-2023-36134 | In PHP Jabbers Class Scheduling System 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36134
CVE-2023-36139 | In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36139
CVE-2023-39143 | PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39143
CVE-2023-33372 | Connected IO v2.1.0 and prior uses a hard-coded username/password pair embedded in their device's firmware used for device communication using MQTT. An attacker who gained access to these credentials is able to connect to the MQTT broker and send messages on behalf of devices, impersonating them. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33372
CVE-2023-33373 | Connected IO v2.1.0 and prior keeps passwords and credentials in clear-text format, allowing attackers to exfiltrate the credentials and use them to impersonate the devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33373
CVE-2023-33374 | Connected IO v2.1.0 and prior has a command as part of its communication protocol allowing the management platform to specify arbitrary OS commands for devices to execute. Attackers abusing this dangerous functionality may issue all devices OS commands to execute, resulting in arbitrary remote command execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33374
CVE-2023-33375 | Connected IO v2.1.0 and prior has a stack-based buffer overflow vulnerability in its communication protocol, enabling attackers to take control over devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33375
CVE-2023-33376 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its iptables command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33376
CVE-2023-33377 | Connected IO v2.1.0 and prior has an OS command injection vulnerability in the set firewall command in part of its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33377
CVE-2023-33378 | Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling attackers to execute arbitrary OS commands on devices. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33378
CVE-2023-39551 | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39551
CVE-2023-3898 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 1.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3898
CVE-2023-3717 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection. This issue affects Remote Administration Console: before 1.02. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3717
CVE-2023-3716 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection. This issue affects Online Collection Software: before 1.0.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3716
CVE-2023-3651 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection. This issue affects E-Commerce Software: before 11. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3651
CVE-2023-3386 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection. This issue affects Camera Trap Tracking System: before 3.1905. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3386
CVE-2023-3522 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection. This issue affects License Portal System: before 1.48. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3522
CVE-2023-21709 | Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21709
CVE-2023-35385 | Microsoft Message Queuing Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35385
CVE-2023-36910 | Microsoft Message Queuing Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36910
CVE-2023-36911 | Microsoft Message Queuing Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36911
CVE-2022-4920 | Heap buffer overflow in Blink in Google Chrome prior to 101.0.4951.41 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-4920
CVE-2022-4924 | Use after free in WebRTC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-4924
CVE-2023-3526 | In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an unauthenticated remote attacker could use a reflective XSS within the license viewer page of the devices in order to execute code in the context of the user's browser. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-3526
CVE-2023-1935 | ROC800-Series RTU devices are vulnerable to an authentication bypass, which could allow an attacker to gain unauthorized access to data or control of the device and cause a denial-of-service condition. | 9.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-1935
CVE-2022-1650 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2. | 9.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-1650
CVE-2022-1252 | Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1252
CVE-2022-41649 | A heap out of bounds read vulnerability exists in the handling of IPTC data while parsing TIFF images in OpenImageIO v2.3.19.0. A specially-crafted TIFF file can cause a read of adjacent heap memory, which can leak sensitive process information. An attacker can provide a malicious file to trigger this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41649
CVE-2023-31146 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, during codegen, the length word of a dynarray is written before the data, which can result in out-of-bounds array access in the case where the dynarray is on both the lhs and rhs of an assignment. The issue can cause data corruption across call frames. The expected behavior is to revert due to out-of-bounds array access. Version 0.3.8 contains a patch for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31146
CVE-2022-42183 | Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Server-Side Request Forgery (SSRF). | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-42183
CVE-2023-33369 | A path traversal vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to delete arbitrary files on IDSecure filesystem, causing a denial of service. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33369
CVE-2023-37364 | In WS-Inc J WBEM Server 4.7.4 before 4.7.5, the CIM-XML protocol adapter does not disable entity resolution. This allows context-dependent attackers to read arbitrary files or cause a denial of service, a similar issue to CVE-2013-4152. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37364
CVE-2023-36217 | Cross Site Scripting vulnerability in Xoops CMS v.2.5.10 allows a remote attacker to execute arbitrary code via the category name field of the image manager function. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-36217

OTHER VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2021-28474 | Microsoft SharePoint Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-28474
CVE-2021-31181 | Microsoft SharePoint Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31181
CVE-2021-31194 | OLE Automation Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31194
CVE-2021-41121 | Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions when performing a function call inside a literal struct, there is a memory corruption issue that occurs because of an incorrect pointer to the top of the stack. This issue has been resolved in version 0.3.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41121
CVE-2021-35234 | Numerous exposed dangerous functions within Orion Core allow for read-only SQL injection leading to privilege escalation. An attacker with low-user privileges may steal password hashes and password salt information. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-35234
CVE-2022-0580 | Incorrect Authorization in Packagist librenms/librenms prior to 22.2.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0580
CVE-2022-0611 | Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0611
CVE-2022-33891 | The Apache Spark UI offers the possibility to enable ACLs via the configuration option spark.acls.enable. With an authentication filter, this checks whether a user has access permissions to view or modify the application. If ACLs are enabled, a code path in HttpSecurityFilter can allow someone to perform impersonation by providing an arbitrary user name. A malicious user might then be able to reach a permission check function that will ultimately build a Unix shell command based on their input, and execute it. This will result in arbitrary shell command execution as the user Spark is currently running as. This affects Apache Spark versions 3.0.3 and earlier, versions 3.1.1 to 3.1.2, and versions 3.2.0 to 3.2.1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33891
CVE-2022-2818 | Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository cockpit-hq/cockpit prior to 2.2.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2818
CVE-2022-37400 | Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the required initialization vector for encryption was always the same which weakens the security of the encryption making them vulnerable if an attacker has access to the user's configuration data. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26306 - LibreOffice | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37400
CVE-2022-37401 | Apache OpenOffice supports the storage of passwords for web connections in the user's configuration database. The stored passwords are encrypted with a single master key provided by the user. A flaw in OpenOffice existed where the master key was poorly encoded, resulting in weakening its entropy from 128 to 43 bits, making the stored passwords vulnerable to a brute force attack if an attacker has access to the user's stored config. This issue affects: Apache OpenOffice versions prior to 4.1.13. Reference: CVE-2022-26307 - LibreOffice | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37401
CVE-2022-37435 | Apache ShenYu Admin has insecure permissions, which may allow low-privilege administrators to modify high-privilege administrator's passwords. This issue affects Apache ShenYu 2.4.2 and 2.4.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-37435
CVE-2022-36961 | A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36961
CVE-2022-36960 | SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a remote adversary with valid access to SolarWinds Web Console to escalate user privileges. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36960
CVE-2023-1522 | SQL Injection in the Hardware Inventory report of Security Center 5.11.2. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1522
CVE-2023-2929 | Out of bounds write in Swiftshader in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2929
CVE-2023-0767 | An attacker could construct a PKCS 12 cert bundle in such a way that could allow for arbitrary memory writes via PKCS 12 Safe Bag attributes being mishandled. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0767
CVE-2023-22653 | An OS command injection vulnerability exists in the vtysh_ubus tcpdump_start_cb functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to command execution. An authenticated attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22653
CVE-2023-24018 | A stack-based buffer overflow vulnerability exists in the libzebra.so.0.0.0 security_decrypt_password functionality of Milesight UR32L v32.3.0.5. A specially crafted HTTP request can lead to a buffer overflow. An authenticated attacker can send an HTTP request to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24018
CVE-2023-27867 | IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code via JNDI Injection. By sending a specially crafted request using the property clientRerouteServerListJNDIName, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249514. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27867
CVE-2023-27868 | IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked class instantiation when providing plugin classes. By sending a specially crafted request using the named pluginClassName class, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249516. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27868
CVE-2023-27869 | IBM Db2 JDBC Driver for Db2 for Linux, UNIX and Windows 10.5, 11.1, and 11.5 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unchecked logger injection. By sending a specially crafted request using the named traceFile property, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 249517. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27869
CVE-2023-2329The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2329
CVE-2022-28863An issue was discovered in Nokia NetAct 22. A remote user, authenticated to the website, can visit the Site Configuration Tool section and arbitrarily upload potentially dangerous files without restrictions via the /netact/sct dir parameter in conjunction with the operation=upload value.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28863
CVE-2022-28864An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include malicious code, which is then downloaded as a .csv or .xlsx file and executed on a victim machine. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28864
CVE-2022-30280/SecurityManagement/html/createuser.jsf in Nokia NetAct 22 allows CSRF. A remote attacker is able to create users with arbitrary privileges, even administrative privileges. The application (even if it implements a CSRF token for the random GET request) does not ever verify a CSRF token. With a little help of social engineering/phishing (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-30280
CVE-2023-3321A vulnerability exists by allowing low-privileged users to read and update the data in various directories used by the Zenon system. An attacker could exploit the vulnerability by using specially crafted programs to exploit the vulnerabilities by allowing them to run on the zenon installed hosts. This issue affects ABB Ability™ zenon: from 11 build through 11 build 106404.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3321
CVE-2023-21406Ariel Harush and Roy Hodir from OTORIO have found a flaw in the AXIS A1001 when communicating over OSDP. A heap-based buffer overflow was found in the pacsiod process which is handling the OSDP communication allowing to write outside of the allocated buffer. By appending invalid data to an OSDP message it was possible to write data beyond the heap allocated buffer. The data written outside the buffer could be used to execute arbitrary code. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-21406
CVE-2023-2626There exists an authentication bypass vulnerability in OpenThread border router devices and implementations. This issue allows unauthenticated nodes to craft radio frames using “Key ID Mode 2”: a special mode using a static encryption key to bypass security checks, resulting in arbitrary IP packets being allowed on the Thread network. This provides a pathway for an attacker to send/receive arbitrary IPv6 packets to devices on the LAN, potentially exploiting them if they lack additional authentication or contain any network vulnerabilities that would normally be mitigated by the home router’s NAT firewall. Affected devices have been mitigated through an automatic update beyond the affected range.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2626
CVE-2023-38555Authentication bypass vulnerability in Fujitsu network devices Si-R series and SR-M series allows a network-adjacent unauthenticated attacker to obtain, change, and/or reset configuration settings of the affected products. Affected products and versions are as follows: Si-R 30B all versions, Si-R 130B all versions, Si-R 90brin all versions, Si-R570B all versions, Si-R370B all versions, Si-R220D all versions, Si-R G100 V02.54 and earlier, Si-R G200 V02.54 and earlier, Si-R G100B V04.12 and earlier, Si-R G110B V04.12 and earlier, Si-R G200B V04.12 and earlier, Si-R G210 V20.52 and earlier, Si-R G211 V20.52 and earlier, Si-R G120 V20.52 and earlier, Si-R G121 V20.52 and earlier, and SR-M 50AP1 all versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38555
CVE-2022-43710Interactive Forms (IAF) in GX Software XperienCentral versions 10.31.0 until 10.33.0 was vulnerable to cross site request forgery (CSRF) because the unique token could be deduced using the names of all input fields.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-43710
CVE-2023-28012HCL BigFix Mobile is vulnerable to a command injection attack. An authenticated attacker could run arbitrary shell commands on the WebUI server.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28012
CVE-2023-37450The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, Safari 16.5.2, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37450
CVE-2023-38594The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38594
CVE-2023-38597The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, Safari 16.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38597
CVE-2023-38595The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38595
CVE-2023-38600The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38600
CVE-2023-38611The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38611
CVE-2023-38512Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38512
CVE-2023-38488Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don't allow write access for untrusted users or visitors. A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn't intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage. Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby's KirbyData format where each field is separated by newlines and a line with four dashes (`----`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator. When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `--\xEF\xBB\xBF--`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files. Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. Fields that are defined below the vulnerable field override the injected field content and were therefore already protected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38488
CVE-2023-38590A buffer overflow issue was addressed with improved memory handling. This issue is fixed in watchOS 9.6, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause unexpected system termination or corrupt kernel memory.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38590
CVE-2023-38592A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6, tvOS 16.6, macOS Ventura 13.5. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38592
CVE-2023-3598Out of bounds read and write in ANGLE in Google Chrome prior to 114.0.5735.90 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3598
CVE-2021-4317Use after free in ANGLE in Google Chrome prior to 96.0.4664.93 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4317
CVE-2021-4318Object corruption in Blink in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4318
CVE-2021-4319Use after free in Blink in Google Chrome prior to 93.0.4577.82 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4319
CVE-2021-4320Use after free in Blink in Google Chrome prior to 92.0.4515.107 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4320
CVE-2021-4322Use after free in DevTools in Google Chrome prior to 91.0.4472.77 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2021-4322
CVE-2022-4906Inappropriate implementation in Blink in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4906
CVE-2022-4907Uninitialized Use in FFmpeg in Google Chrome prior to 108.0.5359.71 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4907
CVE-2022-4912Type Confusion in MathML in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4912
CVE-2022-4914Heap buffer overflow in PrintPreview in Google Chrome prior to 104.0.5112.79 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4914
CVE-2022-4916Use after free in Media in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4916
CVE-2022-4918Use after free in UI in Google Chrome prior to 102.0.5005.61 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4918
CVE-2022-4919Use after free in Base Internals in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4919
CVE-2022-4921Use after free in Accessibility in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Low)8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4921
CVE-2023-2313Inappropriate implementation in Sandbox in Google Chrome on Windows prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a malicious file. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2313
CVE-2023-36542Apache NiFi 0.0.2 through 1.22.0 include Processors and Controller Services that support HTTP URL references for retrieving drivers, which allows an authenticated and authorized user to configure a location that enables custom code execution. The resolution introduces a new Required Permission for referencing remote resources, restricting configuration of these components to privileged users. The permission prevents unprivileged users from configuring Processors and Controller Services annotated with the new Reference Remote Resources restriction. Upgrading to Apache NiFi 1.23.0 is the recommended mitigation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36542
CVE-2023-35019IBM Security Verify Governance, Identity Manager 10.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 257873.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35019
CVE-2023-33534A Cross-Site Request Forgery (CSRF) in Guanzhou Tozed Kangwei Intelligent Technology ZLTS10G software version S10G_3.11.6 allows attackers to take over user accounts via sending a crafted POST request to /goform/goform_set_cmd_process.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33534
CVE-2023-3983An authenticated SQL injection vulnerability exists in Advantech iView versions prior to v5.7.4 build 6752. An authenticated remote attacker can bypass checks in com.imc.iview.utils.CUtils.checkSQLInjection() to perform blind SQL injection.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3983
CVE-2023-37772Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37772
CVE-2022-39987A Command injection vulnerability in RaspAP 2.8.0 thru 2.9.2 allows an authenticated attacker to execute arbitrary OS commands as root via the "entity" POST parameters in /ajax/networking/get_wgkey.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-39987
CVE-2023-39108rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_b parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39108
CVE-2023-39109rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path_a parameter in the doDiff Function of /classes/compareClass.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39109
CVE-2023-39110rconfig v3.9.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the path parameter at /ajaxGetFileByPath.php. This vulnerability allows authenticated attackers to make arbitrary requests via injection of crafted URLs.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39110
CVE-2023-4047A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4047
CVE-2023-34552In certain EZVIZ products, two stack based buffer overflows in mulicast_parse_sadp_packet and mulicast_get_pack_type functions of the SADP multicast protocol can allow an unauthenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34552
CVE-2023-3718An authenticated command injection vulnerability exists in the AOS-CX command line interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands on the underlying operating system as a privileged user on the affected switch. This allows an attacker to fully compromise the underlying operating system on the device running AOS-CX.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3718
CVE-2023-33563In PHP Jabbers Time Slots Booking Calendar 3.3, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33563
CVE-2023-3494The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3494
CVE-2023-3727Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3727
CVE-2023-3728Use after free in WebRTC in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3728
CVE-2023-3729Use after free in Splitscreen in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via crafted UI interactions. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3729
CVE-2023-3730Use after free in Tab Groups in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3730
CVE-2023-3731Use after free in Diagnostics in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3731
CVE-2023-3732Out of bounds memory access in Mojo in Google Chrome prior to 115.0.5790.98 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3732
CVE-2023-4069Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4069
CVE-2023-4071Heap buffer overflow in Visuals in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4071
CVE-2023-4072Out of bounds read and write in WebGL in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4072
CVE-2023-4073Out of bounds memory access in ANGLE in Google Chrome on Mac prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4073
CVE-2023-4074Use after free in Blink Task Scheduling in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4074
CVE-2023-4075Use after free in Cast in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4075
CVE-2023-4076Use after free in WebRTC in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to potentially exploit heap corruption via a crafted WebRTC session. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4076
CVE-2023-4077Insufficient data validation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4077
CVE-2023-4078Inappropriate implementation in Extensions in Google Chrome prior to 115.0.5790.170 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4078
CVE-2023-36212File Upload vulnerability in Total CMS v.1.7.4 allows a remote attacker to execute arbitrary code via a crafted PHP file to the edit page function.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36212
CVE-2023-36255An issue in Eramba Limited Eramba Enterprise v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36255
CVE-2023-4125Weak Password Requirements in GitHub repository answerdev/answer prior to v1.1.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4125
CVE-2023-4126Insufficient Session Expiration in GitHub repository answerdev/answer prior to v1.1.0.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4126
CVE-2023-21407A broken access control was found allowing for privilege escalation of the operator account to gain administrator privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-21407
CVE-2023-21410User provided input is not sanitized on the AXIS License Plate Verifier specific “api.cgi” allowing for arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-21410
CVE-2023-21411User provided input is not sanitized in the “Settings > Access Control” configuration interface allowing for arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-21411
CVE-2023-21412User provided input is not sanitized on the AXIS License Plate Verifier specific “search.cgi” allowing for SQL injections.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-21412
CVE-2023-3663In CODESYS Development System versions from 3.5.11.20 and before 3.5.19.20 a missing integrity check might allow an unauthenticated remote attacker to manipulate the content of notifications received via HTTP by the CODESYS notification server.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3663
CVE-2022-4046In CODESYS Control in multiple versions an improper restriction of operations within the bounds of a memory buffer allows a remote attacker with user privileges to gain full access of the device.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-4046
CVE-2023-36298DedeCMS v5.7.109 has a File Upload vulnerability, leading to remote code execution (RCE).8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36298
CVE-2023-36299A File Upload vulnerability in typecho v.1.2.1 allows a remote attacker to execute arbitrary code via the upload and options-general parameters in index.php.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36299
CVE-2023-33364An OS Command injection vulnerability exists in Suprema BioStar 2 before V2.9.1, which allows authenticated users to execute arbitrary OS commands on the BioStar 2 server.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33364
CVE-2023-37497The Unica application exposes an API which accepts arbitrary XML input. By manipulating the given XML, an authenticated attacker with certain rights can successfully perform XML External Entity attacks (XXE) against the backend service.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37497
CVE-2023-37498A user is capable of assigning him/herself to arbitrary groups by reusing a POST request issued by an administrator. It is possible that an attacker could potentially escalate their privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37498
CVE-2023-4140The WP Ultimate CSV Importer plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.9.8 due to insufficient restriction on the 'get_header_values' function. This makes it possible for authenticated attackers, with minimal permissions such as an author, if the administrator previously grants access in the plugin settings, to modify their user role by supplying the 'wp_capabilities->cus1' parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4140
CVE-2023-4141The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus2' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to create a PHP file and execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means php file creation is still allowed for site administrators, use the plugin with caution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4141
CVE-2023-4142The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 7.9.8 via the '->cus1' parameter. This allows authenticated attackers with author-level permissions or above, if the administrator previously grants access in the plugin settings, to execute code on the server. The author resolved this vulnerability by removing the ability for authors and editors to import files, please note that this means remote code execution is still possible for site administrators, use the plugin with caution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4142
CVE-2023-29328Microsoft Teams Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29328
CVE-2023-29330Microsoft Teams Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29330
CVE-2023-35368Microsoft Exchange Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35368
CVE-2023-35381Windows Fax Service Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35381
CVE-2023-35387Windows Bluetooth A2DP driver Elevation of Privilege Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35387
CVE-2023-36882Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36882
CVE-2023-38169Microsoft OLE DB Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38169
CVE-2023-38181Microsoft Exchange Server Spoofing Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38181
CVE-2023-38185Microsoft Exchange Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38185
CVE-2023-32437The issue was addressed with improvements to the file handling protocol. This issue is fixed in iOS 16.6 and iPadOS 16.6. An app may be able to break out of its sandbox.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-32437
CVE-2022-2732Missing Authorization in GitHub repository openemr/openemr prior to 7.0.0.1.8.3https://nvd.nist.gov/vuln/detail/CVE-2022-2732
CVE-2023-34196In the Keyfactor EJBCA before 8.0.0, the RA web certificate distribution servlet /ejbca/ra/cert allows partial denial of service due to an authentication issue. In configurations using OAuth, disclosure of CA certificates (attributes and public keys) to unauthenticated or less privileged users may occur.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-34196
CVE-2020-15795A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the names in DNS-responses. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-15795
CVE-2020-27009A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus Source Code (Versions including affected DNS modules), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a write past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to execute code in the context of the current process or cause a denial-of-service condition.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-27009
CVE-2021-38575NetworkPkg/IScsiDxe has remotely exploitable buffer overflows.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-38575
CVE-2022-0229The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog, making it unusable.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-0229
CVE-2023-28288Microsoft SharePoint Server Spoofing Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-28288
CVE-2023-31484CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-31484
CVE-2023-2885Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability in CBOT Chatbot allows Adversary in the Middle (AiTM).This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-2885
CVE-2023-35947 | Gradle is a build tool with a focus on build automation and support for multi-language development. In affected versions when unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. Users are advised to upgrade. There are no known workarounds for this vulnerability. Impact: This is a path traversal vulnerability when Gradle deals with Tar archives, often referenced as TarSlip, a variant of ZipSlip. When unpacking Tar archives, Gradle did not check that files could be written outside of the unpack location. This could lead to important files being overwritten anywhere the Gradle process has write permissions. For a build reading Tar entries from a Tar archive, this issue could allow Gradle to disclose information from sensitive files through an arbitrary file read. To exploit this behavior, an attacker needs to either control the source of an archive already used by the build or modify the build to interact with a malicious archive. It is unlikely that this would go unnoticed. Gradle uses Tar archives for its Build Cache (https://docs.gradle.org/current/userguide/build_cache.html). These archives are safe when created by Gradle. But if an attacker had control of a remote build cache server, they could inject malicious build cache entries that leverage this vulnerability. This attack vector could also be exploited if a man-in-the-middle can be performed between the remote cache and the build. Patches: A fix has been released in Gradle 7.6.2 and 8.2 to protect against this vulnerability. Starting from these versions, Gradle will refuse to handle Tar archives which contain path traversal elements in a Tar entry name. It is recommended that users upgrade to a patched version. Workarounds: There is no workaround. If your build deals with Tar archives that you do not fully trust, you need to inspect them to confirm they do not attempt to leverage this vulnerability. If you use the Gradle remote build cache, make sure only trusted parties have write access to it and that connections to the remote cache are properly secured. References: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (https://cwe.mitre.org/data/definitions/22.html); Gradle Build Cache (https://docs.gradle.org/current/userguide/build_cache.html); ZipSlip (https://security.snyk.io/research/zip-slip-vulnerability). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-35947
CVE-2023-24019 | A stack-based buffer overflow vulnerability exists in the urvpn_client http_connection_readcb functionality of Milesight UR32L v32.3.0.5. A specially crafted network packet can lead to a buffer overflow. An attacker can send a malicious packet to trigger this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24019
CVE-2023-32257 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32257
CVE-2023-32258 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32258
CVE-2023-32443 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to a denial-of-service or potentially disclose memory contents. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32443
CVE-2023-38510 | Tolgee is an open-source localization platform. Starting in version 3.14.0 and prior to version 3.23.1, when a request is made using an API key, the backend fails to verify the permission scopes associated with the key, effectively bypassing permission checks entirely for some endpoints. It's important to note that this vulnerability only affects projects that have inadvertently exposed their API keys on the internet. Projects that have kept their API keys secure are not impacted. This issue is fixed in version 3.23.1. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38510
CVE-2023-32302 | Silverstripe Framework is the MVC framework that powers Silverstripe CMS. When a new member record is created and a password is not set, an empty encrypted password is generated. As a result, if someone is aware of the existence of a member record associated with a specific email address, they can potentially attempt to log in using that empty password. Although the default member authenticator and login form require a non-empty password, alternative authentication methods might still permit a successful login with the empty password. This issue has been patched in versions 4.13.4 and 5.0.13. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32302
CVE-2023-4068 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4068
CVE-2023-4070 | Type Confusion in V8 in Google Chrome prior to 115.0.5790.170 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4070
CVE-2023-36897 | Visual Studio Tools for Office Runtime Spoofing Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36897
CVE-2022-0121 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hoppscotch hoppscotch/hoppscotch. This issue affects hoppscotch/hoppscotch before 2.1.1. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0121
CVE-2023-34551 | In certain EZVIZ products, two stack buffer overflows in netClientSetWlanCfg function of the EZVIZ SDK command server can allow an authenticated attacker present on the same local network as the camera to achieve remote code execution. This affects CS-C6N-B0-1G2WF Firmware versions before V5.3.0 build 230215 and CS-C6N-R101-1G2WF Firmware versions before V5.3.0 build 230215 and CS-CV310-A0-1B2WFR Firmware versions before V5.3.0 build 230221 and CS-CV310-A0-1C2WFR-C Firmware versions before V5.3.2 build 230221 and CS-C6N-A0-1C2WFR-MUL Firmware versions before V5.3.2 build 230218 and CS-CV310-A0-3C2WFRL-1080p Firmware versions before V5.2.7 build 230302 and CS-CV310-A0-1C2WFR Wifi IP66 2.8mm 1080p Firmware versions before V5.3.2 build 230214 and CS-CV248-A0-32WMFR Firmware versions before V5.2.3 build 230217 and EZVIZ LC1C Firmware versions before V5.3.4 build 230214. The impact is: execute arbitrary code (remote). | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34551
CVE-2023-35388 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35388
CVE-2023-36891 | Microsoft SharePoint Server Spoofing Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36891
CVE-2023-36892 | Microsoft SharePoint Server Spoofing Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36892
CVE-2023-38182 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38182
CVE-2021-28465 | Web Media Extensions Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-28465
CVE-2021-31165 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31165
CVE-2021-31167 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31167
CVE-2021-31168 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31168
CVE-2021-31169 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31169
CVE-2021-31170 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31170
CVE-2021-31175 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31175
CVE-2021-31176 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31176
CVE-2021-31179 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31179
CVE-2021-31187 | Windows WalletService Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31187
CVE-2021-31188 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31188
CVE-2021-31190 | Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31190
CVE-2021-31193 | Windows SSDP Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31193
CVE-2021-31198 | Microsoft Exchange Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31198
CVE-2021-31208 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31208
CVE-2021-31211 | Visual Studio Code Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31211
CVE-2021-31213 | Visual Studio Code Remote Containers Extension Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31213
CVE-2021-31214 | Visual Studio Code Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31214
CVE-2022-1316 | Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1316
CVE-2022-24767 | GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24767
CVE-2022-2054 | Code Injection in GitHub repository nuitka/nuitka prior to 0.9. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-2054
CVE-2021-39820 | Adobe InDesign versions 16.3 (and earlier), and 16.3.1 (and earlier) is affected by an Out-of-bounds Write vulnerability due to insecure handling of a malicious TIFF file, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39820
CVE-2022-47506 | SolarWinds Platform was susceptible to the Directory Traversal Vulnerability. This vulnerability allows a local adversary with authenticated account access to edit the default configuration, enabling the execution of arbitrary commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47506
CVE-2023-1393 | A flaw was found in X.Org Server Overlay Window. A Use-After-Free may lead to local privilege escalation. If a client explicitly destroys the compositor overlay window (aka COW), the Xserver would leave a dangling pointer to that window in the CompScreen structure, which will trigger a use-after-free later. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1393
CVE-2023-1579 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1579
CVE-2022-47505 | The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47505
CVE-2023-23540 | The issue was addressed with improved memory handling. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.4, iOS 16.4 and iPadOS 16.4, macOS Big Sur 11.7.5. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23540
CVE-2023-27385 | Heap-based buffer overflow vulnerability exists in CX-Drive All models all versions. By having a user open a specially crafted SDD file, arbitrary code may be executed and/or information may be disclosed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27385
CVE-2023-29344 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29344
CVE-2023-33865 | RenderDoc before 1.27 allows local privilege escalation via a symlink attack. It relies on the /tmp/RenderDoc directory regardless of ownership. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33865
CVE-2023-29403 | On Unix platforms, the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases, such as when dumping memory state, or assuming the status of standard i/o file descriptors. If a setuid/setgid binary is executed with standard I/O file descriptors closed, opening any files can result in unexpected content being read or written with elevated privileges. Similarly, if a setuid/setgid program is terminated, either via panic or signal, it may leak the contents of its registers. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29403
CVE-2023-36664 | Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the `|` pipe character prefix). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36664
CVE-2023-3390 | A use-after-free vulnerability was found in the Linux kernel's netfilter subsystem in net/netfilter/nf_tables_api.c. Mishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. This flaw allows a local attacker with user access to cause a privilege escalation issue. We recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3390
CVE-2023-33298 | com.perimeter81.osx.HelperTool in Perimeter81 10.0.0.19 on macOS allows Local Privilege Escalation (to root) via shell metacharacters in usingCAPath. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33298
CVE-2023-36183 | Buffer Overflow vulnerability in OpenImageIO v.2.4.12.0 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted file to the readimg function. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36183
CVE-2023-27390 | A heap-based buffer overflow vulnerability exists in the Sequence::DrawText functionality of Diagon v1.0.139. A specially crafted markdown file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27390
CVE-2023-31194 | An improper array index validation vulnerability exists in the GraphPlanar::Write functionality of Diagon v1.0.139. A specially crafted markdown file can lead to memory corruption. A victim would need to open a malicious file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31194
CVE-2023-31248 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31248
CVE-2023-35001 | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35001
CVE-2022-33065 | Multiple signed integers overflow in function au_read_header in src/au.c and in functions mat4_open and mat4_read_header in src/mat4.c in Libsndfile, allows an attacker to cause Denial of Service or other unspecified impacts. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33065
CVE-2023-3610 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Flaw in the error handling of bound chains causes a use-after-free in the abort path of NFT_MSG_NEWRULE. The vulnerability requires CAP_NET_ADMIN to be triggered. We recommend upgrading past commit 4bedf9eee016286c835e3d8fa981ddece5338795. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3610
CVE-2023-3640 | A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3640
CVE-2023-3812 | An out-of-bounds memory access flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. This flaw allows a local user to crash or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3812
CVE-2023-37907 | Cryptomator is data encryption software for users who store their files in the cloud. Prior to version 1.9.2, the MSI installer provided on the homepage allows local privilege escalation (LPE) for low privileged users, if already installed. The problem occurs as the repair function of the MSI spawns two administrative CMDs. A simple LPE is possible via a breakout. Version 1.9.2 fixes this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37907
CVE-2023-2640 | On Ubuntu kernels carrying both c914c0e27eb0 and "UBUNTU: SAUCE: overlayfs: Skip permission checking for trusted.overlayfs.* xattrs", an unprivileged user may set privileged extended attributes on the mounted files, leading them to be set on the upper files without the appropriate security checks. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2640
CVE-2023-32629 | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_setxattr on Ubuntu kernels | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32629
CVE-2023-39261 | In JetBrains IntelliJ IDEA before 2023.2 plugin for Space was requesting excessive permissions | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39261
CVE-2023-26911 | ASUS SetupAsusServices v1.0.5.1 in Asus Armoury Crate v5.3.4.0 contains an unquoted service path vulnerability which allows local users to launch processes with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26911
CVE-2023-30577 | AMANDA (Advanced Maryland Automatic Network Disk Archiver) before tag-community-3.5.4 mishandles argument checking for runtar.c, a different vulnerability than CVE-2022-37705. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30577
CVE-2023-32381 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32381
CVE-2023-32433 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32433
CVE-2023-36854 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. Processing a file may lead to unexpected app termination or arbitrary code execution. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36854
CVE-2023-32734 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32734
CVE-2023-35993 | A use-after-free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.6.8, iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35993
CVE-2023-38136 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38136
CVE-2023-38261 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38261
CVE-2023-38424 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38424
CVE-2023-38565 | A path handling issue was addressed with improved validation. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38565
CVE-2023-38580 | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5, watchOS 9.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38580
CVE-2023-32450 | Dell Power Manager, Versions 3.3 to 3.14 contains an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32450
CVE-2022-43701 | When the installation directory does not have sufficiently restrictive file permissions, an attacker can modify files in the installation directory to cause execution of malicious code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43701
CVE-2022-43702 | When the directory containing the installer does not have sufficiently restrictive file permissions, an attacker can modify (or replace) the installer to execute malicious code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43702
CVE-2022-43703 | An installer that loads or executes files using an unconstrained search path may be vulnerable to substitute files under control of an attacker being loaded or executed instead of the intended files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43703
CVE-2023-37219 | Tadiran Telecom Composit - CWE-1236: Improper Neutralization of Formula Elements in a CSV File | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37219
CVE-2022-43831 | IBM Storage Scale Container Native Storage Access 5.1.2.1 through 5.1.6.1 could allow a local user to obtain escalated privileges on a host without proper security context settings configured. IBM X-Force ID: 238941. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43831
CVE-2021-31680 | Deserialization of Untrusted Data vulnerability in yolo 5 allows attackers to execute arbitrary code via crafted yaml file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31680
CVE-2021-31681 | Deserialization of Untrusted Data vulnerability in yolo 3 allows attackers to execute arbitrary code via crafted yaml file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31681
CVE-2023-3997 | Splunk SOAR versions 6.0.2 and earlier are indirectly affected by a potential vulnerability accessed through the user’s terminal. A third party can send Splunk SOAR a maliciously crafted web request containing special ANSI characters to cause log file poisoning. When a terminal user attempts to view the poisoned logs, this can tamper with the terminal and cause possible malicious code execution from the terminal user’s action. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3997
CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4004
CVE-2023-4033 | OS Command Injection in GitHub repository mlflow/mlflow prior to 2.6.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4033
CVE-2020-10962 | In PowerShell App Deployment Toolkit (aka PSAppDeployToolkit) through 3.8.0, an incorrect access control vulnerability in the default configuration may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-10962
CVE-2023-39147 | An arbitrary file upload vulnerability in Uvdesk 1.1.3 allows attackers to execute arbitrary code via uploading a crafted image file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39147
CVE-2023-31425 | A vulnerability in the fosexec command of Brocade Fabric OS after Brocade Fabric OS v9.1.0 and before Brocade Fabric OS v9.1.1 could allow a local authenticated user to perform privilege escalation to root by breaking the rbash shell. Starting with Fabric OS v9.1.0, “root” account access is disabled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31425
CVE-2023-31427 | Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated, local user with knowledge of full path names inside Brocade Fabric OS to execute any command regardless of assigned privilege. Starting with Fabric OS v9.1.0, “root” account access is disabled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31427
CVE-2023-36351 | An issue in Viatom Health ViHealth for Android v.2.74.58 and before allows a remote attacker to execute arbitrary code via the com.viatom.baselib.mvvm.webWebViewActivity component. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36351
CVE-2023-31432 | Through manipulation of passwords or other variables, using commands such as portcfgupload, configupload, license, myid, a non-privileged user could obtain root privileges in Brocade Fabric OS versions before Brocade Fabric OS v9.1.1c and v9.2.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31432
CVE-2023-26439 | The cacheservice API could be abused to inject parameters with SQL syntax which was insufficiently sanitized before getting executed as SQL statement. Attackers with access to a local or restricted network were able to perform arbitrary SQL queries, discovering other users' cached data. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26439
| CVE-2023-26440 | The cacheservice API could be abused to indirectly inject parameters with SQL syntax which was insufficiently sanitized and would later be executed when creating new cache groups. Attackers with access to a local or restricted network could perform arbitrary SQL queries. We have improved the input check for API calls and filter for potentially malicious content. No publicly available exploits are known. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-26440 |
| CVE-2023-38418 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38418 |
| CVE-2023-38746 | Out-of-bounds read vulnerability/issue exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38746 |
| CVE-2023-38747 | Heap-based buffer overflow vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38747 |
| CVE-2023-38748 | Use after free vulnerability exists in CX-Programmer Included in CX-One CXONE-AL[][]D-V4 V9.80 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38748 |
| CVE-2023-22314 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22317. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22314 |
| CVE-2023-22317 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22277 and CVE-2023-22314. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22317 |
| CVE-2023-22277 | Use after free vulnerability exists in CX-Programmer Ver.9.79 and earlier. By having a user open a specially crafted CXP file, information disclosure and/or arbitrary code execution may occur. This vulnerability is different from CVE-2023-22317 and CVE-2023-22314. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22277 |
| CVE-2023-32764 | Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32764 |
| CVE-2023-35359 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35359 |
| CVE-2023-35371 | Microsoft Office Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35371 |
| CVE-2023-35372 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35372 |
| CVE-2023-35379 | Reliability Analysis Metrics Calculation Engine (RACEng) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35379 |
| CVE-2023-35380 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35380 |
| CVE-2023-35382 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35382 |
| CVE-2023-35386 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35386 |
| CVE-2023-35390 | .NET and Visual Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35390 |
| CVE-2023-36865 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36865 |
| CVE-2023-36866 | Microsoft Office Visio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36866 |
| CVE-2023-36895 | Microsoft Outlook Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36895 |
| CVE-2023-36896 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36896 |
| CVE-2023-36898 | Tablet Windows User Interface Application Core Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36898 |
| CVE-2023-36900 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36900 |
| CVE-2023-36903 | Windows System Assessment Tool Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36903 |
| CVE-2023-36904 | Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36904 |
| CVE-2023-38154 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38154 |
| CVE-2023-38170 | HEVC Video Extensions Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38170 |
| CVE-2023-38175 | Microsoft Windows Defender Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38175 |
| CVE-2023-38186 | Windows Mobile Device Management Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38186 |
| CVE-2021-28478 | Microsoft SharePoint Server Spoofing Vulnerability | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-28478 |
| CVE-2017-16516 | In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-16516 |
| CVE-2020-11732 | The Media Library Assistant plugin before 2.82 for WordPress suffers from a Local File Inclusion vulnerability in mla_gallery link=download. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11732 |
| CVE-2021-26419 | Scripting Engine Memory Corruption Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-26419 |
| CVE-2022-21669 | PuddingBot is a group management bot. In version 0.0.6-b933652 and prior, the bot token is publicly exposed in main.py, making it accessible to malicious actors. The bot token has been revoked and new version is already running on the server. As of time of publication, the maintainers are planning to update code to reflect this change at a later date. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-21669 |
| CVE-2022-0282 | Cross-site Scripting in Packagist microweber/microweber prior to 1.2.11. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0282 |
| CVE-2022-0355 | Improper Removal of Sensitive Information Before Storage or Transfer in NPM simple-get prior to 4.0.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0355 |
| CVE-2022-0214 | The Custom Popup Builder WordPress plugin before 1.3.1 autoloads data from its popup on every page. As such data can be sent by unauthenticated users and is not validated in length, this could cause a denial of service on the blog. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0214 |
| CVE-2022-0565 | Cross-site Scripting in Packagist pimcore/pimcore prior to 10.3.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0565 |
| CVE-2018-25032 | zlib before 1.2.12 allows memory corruption when deflating (i.e., when compressing) if the input has many distant matches. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-25032 |
| CVE-2022-24787 | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. In version 0.3.1 and prior, bytestrings can have dirty bytes in them, resulting in the word-for-word comparisons giving incorrect results. Even without dirty nonzero bytes, two bytestrings can compare to equal if one ends with `"\x00"` because there is no comparison of the length. A patch is available and expected to be part of the 0.3.2 release. There are currently no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24787 |
| CVE-2022-24795 | yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-24795 |
| CVE-2022-0828 | The Download Manager WordPress plugin before 3.2.34 uses the uniqid php function to generate the master key for a download, allowing an attacker to brute force the key with reasonable resources giving direct download access regardless of role based restrictions or password protections set for the download. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0828 |
| CVE-2021-35250 | A researcher reported a Directory Traversal Vulnerability in Serv-U 15.3. This may allow access to files relating to the Serv-U installation and server files. This issue has been resolved in Serv-U 15.3 Hotfix 1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35250 |
| CVE-2022-29255 | Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for contracts. This issue has been addressed in v0.3.4. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29255 |
| CVE-2022-1412 | The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory using predictable filenames, allowing any unauthenticated visitor to obtain potentially sensitive information like generated passwords. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1412 |
| CVE-2022-31781 | Apache Tapestry up to version 5.8.1 is vulnerable to Regular Expression Denial of Service (ReDoS) in the way it handles Content Types. Specially crafted Content Types may cause catastrophic backtracking, taking exponential time to complete. Specifically, this is about the regular expression used on the parameter of the org.apache.tapestry5.http.ContentType class. Apache Tapestry 5.8.2 has a fix for this vulnerability. Notice the vulnerability cannot be triggered by web requests in Tapestry code alone. It would only happen if there's some non-Tapestry codepath passing some outside input to the ContentType class constructor. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31781 |
| CVE-2022-2083 | The Simple Single Sign On WordPress plugin through 4.1.0 leaks its OAuth client_secret, which could be used by attackers to gain unauthorized access to the site. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2083 |
| CVE-2022-3907 | The Clerk WordPress plugin before 4.0.0 is affected by time-based attacks in the validation function for all API requests due to the usage of comparison operators to verify API keys against the ones stored in the site options. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3907 |
| CVE-2021-35252 | Common encryption key appears to be used across all deployed instances of Serv-U FTP Server. Because of this an encrypted value that is exposed to an attacker can be simply recovered to plaintext. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-35252 |
| CVE-2023-22403 | An Allocation of Resources Without Limits or Throttling vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). On QFX10K Series, Inter-Chassis Control Protocol (ICCP) is used in MC-LAG topologies to exchange control information between the devices in the topology. ICCP connection flaps and sync issues will be observed due to excessive specific traffic to the local device. This issue affects Juniper Networks Junos OS on QFX10K Series: all versions prior to 20.2R3-S7; 20.4 versions prior to 20.4R3-S4; 21.1 versions prior to 21.1R3-S3; 21.2 versions prior to 21.2R3-S1; 21.3 versions prior to 21.3R3; 21.4 versions prior to 21.4R3; 22.1 versions prior to 22.1R2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22403 |
| CVE-2023-25577 | Werkzeug is a comprehensive WSGI web application library. Prior to version 2.2.3, Werkzeug's multipart form data parser will parse an unlimited number of parts, including file parts. Parts can be a small amount of bytes, but each requires CPU time to parse and may use more memory as Python data. If a request can be made to an endpoint that accesses `request.data`, `request.form`, `request.files`, or `request.get_data(parse_form_data=False)`, it can cause unexpectedly high resource usage. This allows an attacker to cause a denial of service by sending crafted multipart data to an endpoint that will parse it. The amount of CPU time required can block worker processes from handling legitimate requests. The amount of RAM required can trigger an out of memory kill of the process. Unlimited file parts can use up memory and file handles. If many concurrent requests are sent continuously, this can exhaust or kill all available workers. Version 2.2.3 contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25577 |
| CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24329 |
| CVE-2023-25957 | A vulnerability has been identified in Mendix SAML (Mendix 7 compatible) (All versions >= V1.16.4 < V1.17.3), Mendix SAML (Mendix 8 compatible) (All versions >= V2.2.0 < V2.3.0), Mendix SAML (Mendix 9 latest compatible, New Track) (All versions >= V3.1.9 < V3.3.1), Mendix SAML (Mendix 9 latest compatible, Upgrade Track) (All versions >= V3.1.8 < V3.3.0), Mendix SAML (Mendix 9.6 compatible, New Track) (All versions >= V3.1.9 < V3.2.7), Mendix SAML (Mendix 9.6 compatible, Upgrade Track) (All versions >= V3.1.8 < V3.2.6). The affected versions of the module insufficiently verify the SAML assertions. This could allow unauthenticated remote attackers to bypass authentication and get access to the application. For compatibility reasons, fix versions still contain this issue, but only when the recommended, default configuration option `'Use Encryption'` is disabled. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25957 |
| CVE-2023-0210 | A bug affects the Linux kernel’s ksmbd NTLMv2 authentication and is known to crash the OS immediately in Linux-based systems. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0210 |
| CVE-2023-24472 | A denial of service vulnerability exists in the FitsOutput::close() functionality of OpenImageIO Project OpenImageIO v2.4.7.1. A specially crafted ImageOutput Object can lead to denial of service. An attacker can provide malicious input to trigger this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24472 |
| CVE-2023-30629 | Vyper is a Pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.1 through 0.3.7, the Vyper compiler generates the wrong bytecode. Any contract that uses the `raw_call` with `revert_on_failure=False` and `max_outsize=0` receives the wrong response from `raw_call`. Depending on the memory garbage, the result can be either `True` or `False`. A patch is available and, as of time of publication, anticipated to be part of Vyper 0.3.8. As a workaround, one may always put `max_outsize>0`. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30629 |
| CVE-2023-23837 | No exception handling vulnerability which revealed sensitive or excessive information to users. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23837 |
| CVE-2023-0045 | The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176. We recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96 | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0045 |
| CVE-2023-30837 | Vyper is a pythonic smart contract language for the EVM. The storage allocator does not guard against allocation overflows in versions prior to 0.3.8. An attacker can overwrite the owner variable. This issue was fixed in version 0.3.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30837 |
| CVE-2023-2156 | A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2156 |
| CVE-2023-32058 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, due to missing overflow check for loop variables, by assigning the iterator of a loop to a variable, it is possible to overflow the type of the latter. The issue seems to happen only in loops of type `for i in range(a, a + N)` as in loops of type `for i in range(start, stop)` and `for i in range(stop)`, the compiler is able to raise a `TypeMismatch` when trying to overflow the variable. The problem has been patched in version 0.3.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32058 |
| CVE-2023-32059 | Vyper is a Pythonic smart contract language for the Ethereum virtual machine. Prior to version 0.3.8, internal calls with default arguments are compiled incorrectly. Depending on the number of arguments provided in the call, the defaults are added not right-to-left, but left-to-right. If the types are incompatible, typechecking is bypassed. The ability to pass kwargs to internal functions is an undocumented feature that is not well known about. The issue is patched in version 0.3.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32059 |
| CVE-2023-2703 | Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2703 |
| CVE-2023-28319 | A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28319 |
| CVE-2023-2953 | A vulnerability was found in openldap. This security flaw causes a null pointer dereference in ber_memalloc_x() function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2953 |
| CVE-2023-34624 | An issue was discovered in htmlcleaner through 2.28 that allows attackers to cause a denial of service or other unspecified impacts via a crafted object that uses cyclic dependencies. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34624 |
| CVE-2023-23841 | SolarWinds Serv-U is submitting an HTTP request when changing or updating the attributes for File Share or File request. Part of the URL of the request discloses sensitive data. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23841 |
| CVE-2023-30586 | A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission model is enabled, which can bypass and/or disable the permission model. The attack complexity is high. However, the crypto.setEngine() API can be used to bypass the permission model when called with a compatible OpenSSL engine. The OpenSSL engine can, for example, disable the permission model in the host process by manipulating the process's stack memory to locate the permission model Permission::enabled_ in the host process's heap memory. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30586 |
| CVE-2023-30589 | The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30589 |
| CVE-2023-36053 | In Django 3.2 before 3.2.20, 4 before 4.1.10, and 4.2 before 4.2.3, EmailValidator and URLValidator are subject to a potential ReDoS (regular expression denial of service) attack via a very large number of domain name labels of emails and URLs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36053 |
| CVE-2023-34457 | MechanicalSoup is a Python library for automating interaction with websites. Starting in version 0.2.0 and prior to version 1.3.0, a malicious web server can read arbitrary files on the client using a `<input type="file" ...>` inside HTML form. All users of MechanicalSoup's form submission are affected, unless they took very specific (and manual) steps to reset HTML form field values. Version 1.3.0 contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34457 |
| CVE-2023-36884 | Windows Search Remote Code Execution Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36884 |
| CVE-2023-29984 | Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29984 |
| CVE-2023-37464 | OpenIDC/cjose is a C library implementing the JavaScript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37464 |
| CVE-2023-34966 | An infinite loop vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets sent by the client, the core unmarshalling function sl_unpack_loop() did not validate a field in the network packet that contains the count of elements in an array-like structure. By passing 0 as the count value, the attacked function will run in an endless loop consuming 100% CPU. This flaw allows an attacker to issue a malformed RPC request, triggering an infinite loop, resulting in a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34966 |
| CVE-2023-38633 | A directory traversal problem in the URL decoder of librsvg before 2.56.3 could be used by local or remote attackers to disclose files (on the local filesystem outside of the expected area), as demonstrated by href=".?../../../../../../../../../../etc/passwd" in an xi:include element. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38633 |
| CVE-2023-32247 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32247 |
| CVE-2023-32248 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32248 |
| CVE-2023-32252 | A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_LOGOFF commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32252 |
| CVE-2023-3748 | A flaw was found in FRRouting when parsing certain babeld unicast hello messages that are intended to be ignored. This issue may allow an attacker to send specially crafted hello messages with the unicast flag set, the interval field set to 0, or any TLV that contains a sub-TLV with the Mandatory flag set to enter an infinite loop and cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3748 |
| CVE-2023-35067 | Plaintext Storage of a Password vulnerability in Infodrom Software E-Invoice Approval System allows Read Sensitive Strings Within an Executable. This issue affects E-Invoice Approval System: before v.20230701. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35067 |
| CVE-2023-34434 | Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could bypass the current logic and achieve arbitrary file reading. To solve it, users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8130 . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34434 |
| CVE-2023-34235 | Strapi is an open-source headless content management system. Prior to version 4.10.8, it is possible to leak private fields if one is using the `t(number)` prefix. Knex query allows users to change the default prefix. For example, if someone changes the prefix to be the same as it was before or to another table they want to query, the query changes from `password` to `t1.password`. `password` is protected by filtering protections but `t1.password` is not protected. This can lead to filtering attacks on everything related to the object again, including admin passwords and reset-tokens. Version 4.10.8 fixes this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34235 |
| CVE-2023-35943 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, the CORS filter will segfault and crash Envoy when the `origin` header is removed and deleted between `decodeHeaders` and `encodeHeaders`. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, do not remove the `origin` header in the Envoy configuration. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35943 |
| CVE-2022-46902 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is a Path Traversal for an Unzip operation. The Vocera Report Console contains a websocket function that allows for the restoration of the database from a ZIP archive that expects a SQL import file. During the unzip operation, the code takes file paths from the ZIP archive and writes them to a Vocera temporary directory. Unfortunately, the code does not properly check if the file paths include directory traversal payloads that would escape the intended destination. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46902 |
| CVE-2023-38493 | Armeria is a microservice framework. Spring supports Matrix variables. When Spring integration is used, Armeria calls Spring controllers via `TomcatService` or `JettyService` with the path that may contain matrix variables. Prior to version 1.24.3, the Armeria decorators might not be invoked because of the matrix variables. If an attacker sends a specially crafted request, the request may bypass the authorizer. Version 1.24.3 contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38493 |
| CVE-2022-31457 | RTX TRAP v1.0 allows attackers to perform a directory traversal via a crafted request sent to the endpoint /data/. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31457 |
| CVE-2022-2502 | A vulnerability exists in the HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-5 and the CMU contains the license feature ‘Advanced security’ which must be ordered separately. If these preconditions are fulfilled, an attacker could exploit the vulnerability by sending a specially crafted message to the RTU500, causing the targeted RTU500 CMU to reboot. The vulnerability is caused by a missing input data validation which eventually if exploited causes an internal buffer to overflow in the HCI IEC 60870-5-104 function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-2502 |
| CVE-2022-4608 | A vulnerability exists in HCI IEC 60870-5-104 function included in certain versions of the RTU500 series product. The vulnerability can only be exploited, if the HCI 60870-5-104 is configured with support for IEC 62351-3. After session resumption interval is expired an RTU500 initiated update of session parameters causes an unexpected restart due to a stack overflow. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4608 |
| CVE-2023-38433 | Fujitsu Real-time Video Transmission Gear "IP series" use hard-coded credentials, which may allow a remote unauthenticated attacker to initialize or reboot the products, and as a result, terminate the video transmission. Affected products and versions are as follows: IP-HE950E firmware versions V01L001 to V01L053, IP-HE950D firmware versions V01L001 to V01L053, IP-HE900E firmware versions V01L001 to V01L010, IP-HE900D firmware versions V01L001 to V01L004, IP-900E / IP-920E firmware versions V01L001 to V02L061, IP-900D / IP-900?D / IP-920D firmware versions V01L001 to V02L061, IP-90 firmware versions V01L001 to V01L013, and IP-9610 firmware versions V01L001 to V02L007. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38433 |
| CVE-2022-43713 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.33.1 until 10.35.0 was vulnerable to invalid data input because form validation could be bypassed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43713 |
| CVE-2023-3442 | A missing authorization vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the 1.38.1 version of the Jenkins plug-in for ServiceNow DevOps on your Jenkins server. No changes are required on your instances of the Now Platform. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3442 |
| CVE-2023-30367 | Multi-Remote Next Generation Connection Manager (mRemoteNG) is free software that enables users to store and manage multi-protocol connection configurations to remotely connect to systems. mRemoteNG configuration files can be stored in an encrypted state on disk. mRemoteNG version <= v1.76.20 and <= 1.77.3-dev loads configuration files in plain text into memory (after decrypting them if necessary) at application start-up, even if no connection has been established yet. This allows attackers to access contents of configuration files in plain text through a memory dump and thus compromise user credentials when no custom password encryption key has been set. This also bypasses the connection configuration file encryption setting by dumping already decrypted configurations from memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30367 |
| CVE-2023-38285 | Trustwave ModSecurity 3.x before 3.0.10 has Inefficient Algorithmic Complexity. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38285 |
| CVE-2023-38564 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5. An app may be able to modify protected parts of the file system. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38564 |
| CVE-2023-38572 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. A website may be able to bypass Same Origin Policy. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38572 |
| CVE-2023-38603 | The issue was addressed with improved checks. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A remote user may be able to cause a denial-of-service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38603 |
| CVE-2023-38492 | Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). The real-world impact of this vulnerability is limited, however we still recommend to update to one of the patch releases because they also fix more severe vulnerabilities. Kirby's authentication endpoint did not limit the password length. This allowed attackers to provide a password with a length up to the server's maximum request body length. Validating that password against the user's actual password requires hashing the provided password, which requires more CPU and memory resources (and therefore processing time) the longer the provided password gets. This could be abused by an attacker to cause the website to become unresponsive or unavailable. Because Kirby comes with a built-in brute force protection, the impact of this vulnerability is limited to 10 failed logins from each IP address and 10 failed logins for each existing user per hour. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have added password length limits in the affected code so that passwords longer than 1000 bytes are immediately blocked, both when setting a password and when logging in. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38492 |
CVE-2023-38504Sails is a realtime MVC Framework for Node.js. In Sails apps prior to version 1.5.7,, an attacker can send a virtual request that will cause the node process to crash. This behavior was fixed in Sails v1.5.7. As a workaround, disable the sockets hook and remove the `sails.io.js` client.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38504
CVE-2023-38505DietPi-Dashboard is a web dashboard for the operating system DietPi. The dashboard only allows for one TLS handshake to be in process at a given moment. Once a TCP connection is established in HTTPS mode, it will assume that it should be waiting for a handshake, and will stay this way indefinitely until a handshake starts or some error occurs. In version 0.6.1, this can be exploited by simply not starting the handshake, preventing any other TLS handshakes from getting through. An attacker can lock the dashboard in a state where it is waiting for a TLS handshake from the attacker, who won't provide it. This prevents any legitimate traffic from getting to the dashboard, and can last indefinitely. Version 0.6.2 has a patch for this issue. As a workaround, do not use HTTPS mode on the open internet where anyone can connect. Instead, put a reverse proxy in front of the dashboard, and have it handle any HTTPS connections.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38505
CVE-2020-22623Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-22623
CVE-2023-33742TeleAdapt RoomCast TA-2400 1.0 through 3.1 suffers from Cleartext Storage of Sensitive Information: RSA private key in Update.exe.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33742
CVE-2023-32444A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. A sandboxed process may be able to circumvent sandbox restrictions.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32444
CVE-2023-38571This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to bypass Privacy preferences.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38571
CVE-2023-38601This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.7.9, macOS Monterey 12.6.8, macOS Ventura 13.5. An app may be able to modify protected parts of the file system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38601
CVE-2023-38609An injection issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13.5. An app may be able to bypass certain Privacy preferences.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38609
CVE-2023-38684Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, in multiple controller actions, Discourse accepts limit params but does not impose any upper bound on the values being accepted. Without an upper bound, the software may allow arbitrary users to generate DB queries which may end up exhausting the resources on the server. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38684
CVE-2023-37218Tadiran Telecom Aeonix - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37218
CVE-2023-34358ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to a device which contains a specific user agent, causing the httpd binary to crash during a string comparison performed within web.c, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34358
CVE-2023-34359ASUS RT-AX88U's httpd is subject to an unauthenticated DoS condition. A remote attacker can send a specially crafted request to the device which causes the httpd binary to crash within the "do_json_decode()" function of ej.c, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-34359
CVE-2023-38750In Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41, 9 before 9.0.0 Patch 34, and 10 before 10.0.2, internal JSP and XML files can be exposed.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38750
CVE-2023-3825PTC’s KEPServerEX Versions 6.0 to 6.14.263 are vulnerable to being made to read a recursively defined object that leads to uncontrolled resource consumption. KEPServerEX uses OPC UA, a protocol which defines various object types that can be nested to create complex arrays. It does not implement a check to see if such an object is recursively defined, so an attack could send a maliciously created message that the decoder would try to decode until the stack overflowed and the device crashed.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3825
CVE-2023-36983LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36983
CVE-2023-36984LavaLite CMS v 9.0.0 is vulnerable to Sensitive Data Exposure.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36984
CVE-2023-26139Versions of the package underscore-keypath from 0.0.11 are vulnerable to Prototype Pollution via the name argument of the setProperty() function. Exploiting this vulnerability is possible due to improper input sanitization which allows the usage of arguments like “__proto__”.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26139
CVE-2023-4048An out-of-bounds read could have led to an exploitable crash when parsing HTML with DOMParser in low memory situations. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4048
CVE-2023-4050In some cases, an untrusted input stream was copied to a stack buffer without checking its size. This resulted in a potentially exploitable crash which could have led to a sandbox escape. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4050
CVE-2023-4051A website could have obscured the full screen notification by using the file open dialog. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4051
CVE-2023-4055When the number of cookies per domain was exceeded in `document.cookie`, the actual cookie jar sent to the host was no longer consistent with expected cookie jar state. This could have caused requests to be sent with some cookies missing. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4055
CVE-2023-3107A set of carefully crafted ipv6 packets can trigger an integer overflow in the calculation of a fragment reassembled packet's payload length field. This allows an attacker to trigger a kernel panic, resulting in a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3107
CVE-2023-0632An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0632
CVE-2023-3364An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3364
CVE-2023-3900An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3900
CVE-2023-3993An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Access tokens may have been logged when a query was made to a specific endpoint.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3993
CVE-2023-3994An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3994
CVE-2023-4011An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4011
CVE-2023-38556Improper input validation vulnerability in SEIKO EPSON printer Web Config allows a remote attacker to turn off the printer. [Note] Web Config is the software that allows users to check the status and change the settings of SEIKO EPSON printers via a web browser. Web Config is pre-installed in some printers provided by SEIKO EPSON CORPORATION. For the details of the affected product names/model numbers, refer to the information provided by the vendor.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38556
CVE-2023-26451Functions with insufficient randomness were used to generate authorization tokens of the integrated oAuth Authorization Service. Authorization codes were predictable for third parties and could be used to intercept and take over the client authorization process. As a result, other users' accounts could be compromised. The oAuth Authorization Service is not enabled by default. We have updated the implementation to use sources with sufficient randomness to generate authorization tokens. No publicly available exploits are known.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26451
CVE-2022-46485Data Illusion Survey Software Solutions ngSurvey version 2.4.28 and below is vulnerable to Denial of Service if a survey contains a "Text Field", "Comment Field" or "Contact Details".7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46485
CVE-2022-46484Information disclosure in password protected surveys in Data Illusion Survey Software Solutions NGSurvey v2.4.28 and below allows attackers to view the password to access and arbitrarily submit surveys.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46484
CVE-2023-33370An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33370
CVE-2023-38955ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to obtain sensitive information about all managed devices, including their IP addresses and device names.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38955
CVE-2023-38956A path traversal vulnerability in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38956
CVE-2023-39144Element55 KnowMore appliances version 21 and older were discovered to store passwords in plaintext.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39144
CVE-2023-33363An authentication bypass vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated users to access some functionality on BioStar 2 servers.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33363
CVE-2023-0956External input could be used on TEL-STER TelWin SCADA WebInterface to construct paths to files and directories without properly neutralizing special elements within the pathname, which could allow an unauthenticated attacker to read files on the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0956
CVE-2023-38949An issue in a hidden API in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to arbitrarily reset the Administrator password via a crafted web request.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38949
CVE-2023-38950A path traversal vulnerability in the iclock API of ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read arbitrary files via supplying a crafted payload.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38950
CVE-2023-38952Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read sensitive backup files and access sensitive information such as user credentials via sending a crafted HTTP request to the static files resources of the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38952
CVE-2023-36135User enumeration is found in PHPJabbers Class Scheduling System v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36135
CVE-2023-30146Assmann Digitus Plug&View IP Camera HT-IP211HDP, version 2.000.022 allows unauthenticated attackers to download a copy of the camera's settings and the administrator credentials.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30146
CVE-2023-4139The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported files.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4139
CVE-2023-38494MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have permissions configured, so attackers can obtain sensitive information through them. Version 2.10.4 LTS contains a patch for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38494
CVE-2023-35383Microsoft Message Queuing Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35383
CVE-2023-36912Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36912
CVE-2023-38172Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38172
CVE-2023-38178.NET Core and Visual Studio Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38178
CVE-2023-38184Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38184
CVE-2023-36899ASP.NET Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36899
CVE-2023-38180.NET and Visual Studio Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38180
CVE-2021-3450The X509_V_FLAG_X509_STRICT flag enables additional security checks of the certificates present in a certificate chain. It is not set by default. Starting from OpenSSL version 1.1.1h a check to disallow certificates in the chain that have explicitly encoded elliptic curve parameters was added as an additional strict check. An error in the implementation of this check meant that the result of a previous check to confirm that certificates in the chain are valid CA certificates was overwritten. This effectively bypasses the check that non-CA certificates must not be able to issue other certificates. If a "purpose" has been configured then there is a subsequent opportunity for checks that the certificate is a valid CA. All of the named "purpose" values implemented in libcrypto perform this check. Therefore, where a purpose is set the certificate chain will still be rejected even when the strict flag has been used. A purpose is set by default in libssl client and server certificate verification routines, but it can be overridden or removed by an application. In order to be affected, an application must explicitly set the X509_V_FLAG_X509_STRICT verification flag and either not set a purpose for the certificate verification or, in the case of TLS client or server applications, override the default purpose. OpenSSL versions 1.1.1h and newer are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1h-1.1.1j).7.4https://nvd.nist.gov/vuln/detail/CVE-2021-3450
CVE-2020-27738A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name record decompression functionality does not properly validate the pointer offset values. The parsing of malformed responses could result in a read access past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition.7.4https://nvd.nist.gov/vuln/detail/CVE-2020-27738
CVE-2021-31186Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2021-31186
CVE-2021-31936Microsoft Accessibility Insights for Web Information Disclosure Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2021-31936
CVE-2023-36873.NET Framework Spoofing Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2023-36873
CVE-2021-31192Windows Media Foundation Core Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2021-31192
CVE-2023-22743Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting a DLL and putting it into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This potentially allows users with local write access to place malicious payloads in a location where automated upgrades might run the Git for Windows installer with elevation. Version 2.39.2 contains a patch for this issue. Some workarounds are available. Never leave untrusted files in the Downloads folder or its sub-folders before executing the Git for Windows installer, or move the installer into a different directory before executing it.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-22743
CVE-2023-38489Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites with user accounts (unless Kirby's API and Panel are disabled in the config). It can only be abused if a Kirby user is logged in on a device or browser that is shared with potentially untrusted users or if an attacker already maliciously used a previous password to log in to a Kirby site as the affected user. Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization. In the variation described in this advisory, it allows attackers to stay logged in to a Kirby site on another device even if the logged in user has since changed their password. Kirby did not invalidate user sessions that were created with a password that was since changed by the user or by a site admin. If a user changed their password to lock out an attacker who was already in possession of the previous password or of a login session on another device or browser, the attacker would not be reliably prevented from accessing the Kirby site as the affected user. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have updated the authentication implementation to keep track of the hashed password in each active session. If the password changed since the login, the session is invalidated. To enforce this fix even if the vulnerability was previously abused, all users are logged out from the Kirby site after updating to one of the patched releases.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-38489
CVE-2023-3670In CODESYS Development System 3.5.9.0 to 3.5.17.0 and CODESYS Scripting 4.0.0.0 to 4.1.0.0 unsafe directory permissions would allow an attacker with local access to the workstation to place potentially harmful and disguised scripts that could be executed by legitimate users.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-3670
CVE-2023-3662In CODESYS Development System versions from 3.5.17.0 and prior to 3.5.19.20 a vulnerability allows for execution of binaries from the current working directory in the user's context.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-3662
CVE-2018-19422/panel/uploads in Subrion CMS 4.2.1 allows remote attackers to execute arbitrary PHP code via a .pht or .phar file, because the .htaccess file omits these.7.2https://nvd.nist.gov/vuln/detail/CVE-2018-19422
CVE-2021-26422Skype for Business and Lync Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2021-26422
CVE-2021-31200Common Utilities Remote Code Execution Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2021-31200
CVE-2022-47503SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-47503
CVE-2022-47504SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-47504
CVE-2022-47507SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-47507
CVE-2023-23836SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23836
CVE-2022-36963The SolarWinds Platform was susceptible to the Command Injection Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform admin account to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-36963
CVE-2023-1207This HTTP Headers WordPress plugin before 1.18.8 has an import functionality which executes arbitrary SQL on the server, leading to an SQL Injection vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1207
CVE-2023-25081Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the src and dmz variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25081
CVE-2023-25082Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the old_ip and old_mac variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25082
CVE-2023-25083Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip and mac variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25083
CVE-2023-25084Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the ip, mac and description variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25084
CVE-2023-25085Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dst variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25085
CVE-2023-25086Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and dport variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25086
CVE-2023-25087Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and to_dport variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25087
CVE-2023-25088Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the firewall_handler_set function with the index and description variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25088
CVE-2023-25089Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface variable when in_acl is -1.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25089
CVE-2023-25090Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and in_acl variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25090
CVE-2023-25091Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface variable when out_acl is -1.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25091
CVE-2023-25092Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the handle_interface_acl function with the interface and out_acl variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25092
CVE-2023-25093Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the class_name variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25093
CVE-2023-25094Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the into_class_node function with either the class_name or old_class_name variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25094
CVE-2023-25095Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings that represent negated commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25095
CVE-2023-25096Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the rule_name variable with two possible format strings.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25096
CVE-2023-25097Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the attach_class variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25097
CVE-2023-25098Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the source variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25098
CVE-2023-25099Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the dest variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25099
CVE-2023-25100Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_qos function with the default_class variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25100
CVE-2023-25101Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_key variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25101
CVE-2023-25102Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the hub_ip and the hub_gre_ip variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25102
CVE-2023-25103Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities. This buffer overflow occurs in the set_dmvpn function with the gre_ip and the gre_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25103
CVE-2023-25104Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the username and the password variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25104
CVE-2023-25105Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_remote variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25105
CVE-2023-25106Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_virtual_ip and the local_virtual_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25106
CVE-2023-25107Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_subnet and the remote_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25107
CVE-2023-25108Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_ip variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25108
CVE-2023-25109Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the local_ip variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25109
CVE-2023-25110Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the remote_virtual_ip variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25110
CVE-2023-25111Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_gre function with the key variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25111
CVE-2023-25112Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the remote_subnet and the remote_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25112
CVE-2023-25113Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_l2tp function with the key variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25113
CVE-2023-25114Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the expert_options variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25114
CVE-2023-25115Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_ip and the port variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25115
CVE-2023-25116Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the remote_virtual_ip variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25116
CVE-2023-25117Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the local_virtual_ip and the local_virtual_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25117
CVE-2023-25118Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the username and the password variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25118
CVE-2023-25119Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_pptp function with the remote_subnet and the remote_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25119
CVE-2023-25120Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_dmvpn function with the cisco_secret variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25120
CVE-2023-25121Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_ike_profile function with the secrets_local variable.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25121
CVE-2023-25122Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the old_remote_subnet and the old_remote_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25122
CVE-2023-25123Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables when action is 2.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25123
CVE-2023-25124Multiple buffer overflow vulnerabilities exist in the vtysh_ubus binary of Milesight UR32L v32.3.0.5 due to the use of an unsafe sprintf pattern. A specially crafted HTTP request can lead to arbitrary code execution. An attacker with high privileges can send HTTP requests to trigger these vulnerabilities.This buffer overflow occurs in the set_openvpn_client function with the remote_subnet and the remote_mask variables.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-25124
CVE-2023-1208This HTTP Headers WordPress plugin before 1.18.11 allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1208
CVE-2021-35391Server Side Request Forgery vulnerability found in Deskpro Support Desk v2021.21.6 allows attackers to execute arbitrary code via a crafted URL.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-35391
CVE-2023-28130A local user may be able to escalate privileges using the Gaia Portal hostnames page.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-28130
CVE-2023-23843The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23843
CVE-2023-23844The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23844
CVE-2023-33224The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-33224
CVE-2023-33225The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-33225
CVE-2023-23842The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23842
CVE-2023-38425The issue was addressed with improved memory handling. This issue is fixed in iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. An app may be able to execute arbitrary code with kernel privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-38425
CVE-2023-31932SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-enquiry.php file.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-31932
CVE-2023-31933SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-pass-detail.php file.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-31933
CVE-2023-31936SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the viewid parameter of the view-pass-detail.php file.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-31936
CVE-2023-31937SQL injection vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to execute arbitrary code via the editid parameter of the edit-cateogry-detail.php file.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-31937
CVE-2023-32225SysAid - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-32225
CVE-2023-38948An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1.9.5 allows attackers to execute arbitrary code via downloading a crafted plugin.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-38948
CVE-2023-35081A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated administrator to write arbitrary files onto the appliance.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-35081
CVE-2023-39121emlog v2.1.9 was discovered to contain a SQL injection vulnerability via the component /admin/user.php.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-39121
CVE-2023-38167Microsoft Dynamics Business Central Elevation Of Privilege Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2023-38167
CVE-2021-31172Microsoft SharePoint Server Spoofing Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2021-31172
CVE-2021-31182Microsoft Bluetooth Driver Spoofing Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2021-31182
CVE-2022-1651A memory leak flaw was found in the Linux kernel in acrn_dev_ioctl in the drivers/virt/acrn/hsm.c function in how the ACRN Device Model emulates virtual NICs in VM. This flaw allows a local privileged attacker to leak unauthorized kernel information, causing a denial of service.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-1651
CVE-2022-1671A NULL pointer dereference flaw was found in rxrpc_preparse_s in net/rxrpc/server_key.c in the Linux kernel. This flaw allows a local attacker to crash the system or leak internal kernel information.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-1671
CVE-2022-1973A use-after-free flaw was found in the Linux kernel in log_replay in fs/ntfs3/fslog.c in the NTFS journal. This flaw allows a local attacker to crash the system and leads to a kernel information leak problem.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-1973
CVE-2022-3202A NULL pointer dereference flaw was found in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-3202
CVE-2022-3564A vulnerability classified as critical was found in Linux Kernel. Affected by this vulnerability is the function l2cap_reassemble_sdu of the file net/bluetooth/l2cap_core.c of the component Bluetooth. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-211087.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-3564
CVE-2022-47520An issue was discovered in the Linux kernel before 6.0.11. Missing offset validation in drivers/net/wireless/microchip/wilc1000/hif.c in the WILC1000 wireless driver can trigger an out-of-bounds read when parsing a Robust Security Network (RSN) information element from a Netlink packet.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-47520
CVE-2022-41858A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-41858
CVE-2023-26607In the Linux kernel 6.0.8, there is an out-of-bounds read in ntfs_attr_find in fs/ntfs/attrib.c.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-26607
CVE-2023-3268An out of bounds (OOB) memory access flaw was found in the Linux kernel in relay_file_read_start_pos in kernel/relay.c in the relayfs. This flaw could allow a local attacker to crash the system or leak kernel internal information.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-3268
CVE-2023-3567A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This flaw allows an attacker with local user access to cause a system crash or leak internal kernel information.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-3567
CVE-2023-34093Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types themselves. Users can use plugins or modify their own content types without realizing that the `privateAttributes` getter is being removed, which can result in any attribute becoming public. This can lead to sensitive information being exposed or the entire system being taken control of by an attacker (having access to password hashes). Anyone can be impacted, depending on how people are using/extending content-types. If the users are mutating the content-type, they will not be affected. Version 4.10.8 contains a patch for this issue.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-34093
CVE-2023-23764An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff within the GitHub pull request UI. To do so, an attacker would need write access to the repository. This vulnerability affected GitHub Enterprise Server versions 3.7.0 and above and was fixed in versions 3.7.9, 3.8.2, and 3.9.1. This vulnerability was reported via the GitHub Bug Bounty program.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-23764
CVE-2023-31926System files could be overwritten using the less command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-31926
CVE-2022-34453Dell XtremIO X2 XMS versions prior to 6-4-1.11 contain an improper access control vulnerability. A remote read only user could potentially exploit this vulnerability to perform add/delete QoS policies which are disabled by default.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-34453
CVE-2023-25600An issue was discovered in InsydeH2O. A malicious operating system can tamper with a runtime-writable EFI variable, leading to out-of-bounds memory reads and a denial of service. This is fixed in version 01.01.04.0016.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-25600
CVE-2023-36876Reliability Analysis Metrics Calculation (RacTask) Elevation of Privilege Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-36876
CVE-2023-35391ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-35391
CVE-2021-4083A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4.7https://nvd.nist.gov/vuln/detail/CVE-2021-4083
CVE-2021-4202A use-after-free flaw was found in nci_request in net/nfc/nci/core.c in NFC Controller Interface (NCI) in the Linux kernel. This flaw could allow a local attacker with user privileges to cause a data race problem while the device is getting removed, leading to a privilege escalation problem.7https://nvd.nist.gov/vuln/detail/CVE-2021-4202
CVE-2022-1048A use-after-free flaw was found in the Linux kernel’s sound subsystem in the way a user triggers concurrent calls of PCM hw_params. The hw_free ioctls or similar race condition happens inside ALSA PCM for other ioctls. This flaw allows a local user to crash or potentially escalate their privileges on the system.7https://nvd.nist.gov/vuln/detail/CVE-2022-1048
CVE-2022-1729A race condition was found in the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows building several exploit primitives such as kernel address information leak, arbitrary execution, etc.7https://nvd.nist.gov/vuln/detail/CVE-2022-1729
CVE-2023-35823An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in saa7134_finidev in drivers/media/pci/saa7134/saa7134-core.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35823
CVE-2023-35824An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35824
CVE-2023-35826An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in cedrus_remove in drivers/staging/media/sunxi/cedrus/cedrus.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35826
CVE-2023-35827An issue was discovered in the Linux kernel through 6.3.8. A use-after-free was found in ravb_remove in drivers/net/ethernet/renesas/ravb_main.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35827
CVE-2023-35828An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in renesas_usb3_remove in drivers/usb/gadget/udc/renesas_usb3.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35828
CVE-2023-35829An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in rkvdec_remove in drivers/staging/media/rkvdec/rkvdec.c.7https://nvd.nist.gov/vuln/detail/CVE-2023-35829
CVE-2023-35378Windows Projected File System Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-35378
CVE-2023-38176Azure Arc-Enabled Servers Elevation of Privilege Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-38176
CVE-2019-19527In the Linux kernel before 5.2.10, there is a use-after-free bug that can be caused by a malicious USB device in the drivers/hid/usbhid/hiddev.c driver, aka CID-9c09b214f30e.6.8https://nvd.nist.gov/vuln/detail/CVE-2019-19527
CVE-2023-33952A double-free vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of vmw_buffer_object objects. The issue results from the lack of validating the existence of an object prior to performing further free operations on the object. This flaw allows a local privileged user to escalate privileges and execute code in the context of the kernel.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-33952
CVE-2021-31207Microsoft Exchange Server Security Feature Bypass Vulnerability6.6https://nvd.nist.gov/vuln/detail/CVE-2021-31207
CVE-2020-27736A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS domain name label parsing functionality does not properly validate the null-terminated name in DNS-responses. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the read memory.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-27736
CVE-2020-27737A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS response parsing functionality does not properly validate various length and counts of the records. The parsing of malformed responses could result in a read past the end of an allocated structure. An attacker with a privileged position in the network could leverage this vulnerability to cause a denial-of-service condition or leak the memory past the allocated structure.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-27737
CVE-2021-26421Skype for Business and Lync Spoofing Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-26421
CVE-2021-31195Microsoft Exchange Server Remote Code Execution Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-31195
CVE-2021-31209Microsoft Exchange Server Spoofing Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2021-31209
CVE-2022-0579Missing Authorization in Packagist snipe/snipe-it prior to 5.3.9.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0579
CVE-2022-0588Missing Authorization in Packagist librenms/librenms prior to 22.2.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0588
CVE-2022-1223Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1223
CVE-2022-0404The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-0404
CVE-2022-1551The SP Project & Document Manager WordPress plugin before 4.58 uses an easily guessable path to store user files; bad actors could use that to access other users' sensitive files.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-1551
CVE-2022-3423Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3423
CVE-2021-35226An entity in the Network Configuration Manager product is misconfigured and exposes the password field to SolarWinds Information Service (SWIS). Exposed credentials are encrypted and require authenticated access with an NCM role.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-35226
CVE-2022-3082The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF checks in some of its AJAX actions, allowing any logged-in user, such as a subscriber, to call them and, for example, disable the app.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3082
CVE-2022-45937A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). A low privilege authenticated attacker with network access to the integrated web server could download sensitive information from the device containing user account credentials.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-45937
CVE-2023-21719Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-21719
CVE-2022-3411A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3411
CVE-2023-23838Directory traversal and file enumeration vulnerability which allowed users to enumerate to different folders of the server.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23838
CVE-2023-23839The SolarWinds Platform was susceptible to the Exposure of Sensitive Information Vulnerability. This vulnerability allows users to access Orion.WebCommunityStrings SWIS schema object and obtain sensitive information.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23839
CVE-2023-2886Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation.This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2886
CVE-2023-33460 | There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33460
CVE-2023-33140 | Microsoft OneNote Spoofing Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33140
CVE-2023-34462 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `SniHandler` can allocate up to 16MB of heap for each channel during the TLS handshake. When the handler or the channel does not have an idle timeout, it can be used to make a TCP server using the `SniHandler` to allocate 16MB of heap. The `SniHandler` class is a handler that waits for the TLS handshake to configure a `SslHandler` according to the indicated server name by the `ClientHello` record. For this matter it allocates a `ByteBuf` using the value defined in the `ClientHello` record. Normally the value of the packet should be smaller than the handshake packet but there are no checks done here and the way the code is written, it is possible to craft a packet that makes the `SslClientHelloHandler`. This vulnerability has been fixed in version 4.1.94.Final. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34462
CVE-2023-3338 | A null pointer dereference flaw was found in the Linux kernel's DECnet networking protocol. This issue could allow a remote user to crash the system. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3338
CVE-2023-2727 | Users may be able to launch containers using images that are restricted by ImagePolicyWebhook when using ephemeral containers. Kubernetes clusters are only affected if the ImagePolicyWebhook admission plugin is used together with ephemeral containers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2727
CVE-2023-2728 | Users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using ephemeral containers. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the `kubernetes.io/enforce-mountable-secrets` annotation are used together with ephemeral containers. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2728
CVE-2023-3618 | A flaw was found in libtiff. A specially crafted tiff file can lead to a segmentation fault due to a buffer overflow in the Fax3Encode function in libtiff/tif_fax3.c, resulting in a denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3618
CVE-2023-3019 | A DMA reentrancy issue leading to a use-after-free error was found in the e1000e NIC emulation code in QEMU. This issue could allow a privileged guest user to crash the QEMU process on the host, resulting in a denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3019
CVE-2023-21405 | Knud from Fraktal.fi has found a flaw in some Axis Network Door Controllers and Axis Network Intercoms when communicating over OSDP, highlighting that the OSDP message parser crashes the pacsiod process, causing a temporary unavailability of the door-controlling functionalities meaning that doors cannot be opened or closed. No sensitive or customer data can be extracted as the Axis device is not further compromised. Please refer to the Axis security advisory for more information, mitigation and affected products and software versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21405
CVE-2023-34189 | Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.4.0 through 1.7.0. The attacker could use general users to delete and update the process, which only the admin can operate occurrences. Users are advised to upgrade to Apache InLong's 1.8.0 or cherry-pick https://github.com/apache/inlong/pull/8109 to solve it. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-34189
CVE-2023-35942 | Envoy is an open source edge and service proxy designed for cloud-native applications. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, gRPC access loggers using listener's global scope can cause a `use-after-free` crash when the listener is drained. Versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12 have a fix for this issue. As a workaround, disable gRPC access log or stop listener update. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35942
CVE-2023-36826 | Sentry is an error tracking and performance monitoring platform. Starting in version 8.21.0 and prior to version 23.5.2, an authenticated user can download a debug or artifact bundle from arbitrary organizations and projects with a known bundle ID. The user does not need to be a member of the organization or have permissions on the project. A patch was issued in version 23.5.2 to ensure authorization checks are properly scoped on requests to retrieve debug or artifact bundles. Authenticated users who do not have the necessary permissions on the particular project are no longer able to download them. Sentry SaaS users do not need to take any action. Self-Hosted Sentry users should upgrade to version 23.5.2 or higher. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36826
CVE-2022-46900 | An issue was discovered in Vocera Report Server and Voice Server 5.x through 5.8. There is Path Traversal in the Task Exec filename. The Vocera Report Console contains various jobs that are executed on the server at specified intervals, e.g., backup, etc. An authenticated user has the ability to modify these entries and set the executable path and parameters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46900
CVE-2023-38502 | TDengine is an open source, time-series database optimized for Internet of Things devices. Prior to version 3.0.7.1, TDengine DataBase crashes on UDF nested query. This issue affects TDengine Databases which let users connect and run arbitrary queries. Version 3.0.7.1 has a patch for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38502
CVE-2023-38503 | Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.3.0 and prior to version 10.5.0, the permission filters (i.e. `user_created IS $CURRENT_USER`) are not properly checked when using GraphQL subscription resulting in unauthorized users getting event on their subscription which they should not be receiving according to the permissions. This can be any collection but out-of-the box the `directus_users` collection is configured with such a permissions filter allowing you to get updates for other users when changes happen. Version 10.5.0 contains a patch. As a workaround, disable GraphQL subscriptions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38503
CVE-2023-20891 | The VMware Tanzu Application Service for VMs and Isolation Segment contain an information disclosure vulnerability due to the logging of credentials in hex encoding in platform system audit logs. A malicious non-admin user who has access to the platform system audit logs can access hex encoded CF API admin credentials and can push new malicious versions of an application. In a default deployment non-admin users do not have access to the platform system audit logs. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20891
CVE-2022-43712 | POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data to the server because of CVE-2022-22965. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-43712
CVE-2023-38133 | The issue was addressed with improved checks. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, iOS 16.6 and iPadOS 16.6, tvOS 16.6, macOS Ventura 13.5, Safari 16.6, watchOS 9.6. Processing web content may disclose sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38133
CVE-2023-0958 | Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0958
CVE-2023-32654 | A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.5. A user may be able to read information belonging to another user. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32654
CVE-2023-38599 | A logic issue was addressed with improved state management. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. A website may be able to track sensitive user information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38599
CVE-2023-38498 | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can prevent the defer queue from proceeding promptly on sites hosted in the same multisite installation. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. Users of multisite configurations should upgrade. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38498
CVE-2021-4323 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 90.0.4430.72 allowed an attacker who convinced a user to install a malicious extension to access local files via a crafted Chrome Extension. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4323
CVE-2021-4324 | Insufficient policy enforcement in Google Update in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to read arbitrary files via a malicious file. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-4324
CVE-2022-4911 | Insufficient data validation in DevTools in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4911
CVE-2022-4913 | Inappropriate implementation in Extensions in Google Chrome prior to 105.0.5195.52 allowed a remote attacker who had compromised the renderer process to spoof extension storage via a crafted HTML page. (Chromium security severity: High) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4913
CVE-2022-4915 | Inappropriate implementation in URL Formatting in Google Chrome prior to 103.0.5060.134 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4915
CVE-2022-4922 | Inappropriate implementation in Blink in Google Chrome prior to 99.0.4844.51 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4922
CVE-2022-4925 | Insufficient validation of untrusted input in QUIC in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to perform header splitting via malicious network traffic. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4925
CVE-2022-4926 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 109.0.5414.119 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4926
CVE-2023-2311 | Insufficient policy enforcement in File System API in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2311
CVE-2023-2314 | Insufficient data validation in DevTools in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2314
CVE-2023-32226 | Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users may exfiltrate files from the server via an unspecified method. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32226
CVE-2023-37216 | AnaSystem SensMini M4 – Using the configuration tool, an authenticated user can cause Denial of Service for the device | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37216
CVE-2023-35016 | IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257772. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35016
CVE-2023-24971 | IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 could allow a user to cause a denial of service due to the deserializing of untrusted serialized Java objects. IBM X-Force ID: 246976. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24971
CVE-2022-4888 | The Checkout Fields Manager WordPress plugin before 1.0.2, Abandoned Cart Recovery WordPress plugin before 1.2.5, Custom Fields for WooCommerce WordPress plugin before 1.0.4, Custom Order Number WordPress plugin through 1.0.1, Custom Registration Forms Builder WordPress plugin before 1.0.2, Advanced Free Gifts WordPress plugin before 1.0.2, Gift Registry for WooCommerce WordPress plugin through 1.0.1, Image Watermark for WooCommerce WordPress plugin before 1.0.1, Order Approval for WooCommerce WordPress plugin before 1.1.0, Order Tracking for WooCommerce WordPress plugin before 1.0.2, Price Calculator for WooCommerce WordPress plugin through 1.0.3, Product Dynamic Pricing and Discounts WordPress plugin through 1.0.6, Product Labels and Stickers WordPress plugin through 1.0.1 have flawed CSRF checks in various places, which could allow attackers to make logged in users perform unwanted actions | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4888
CVE-2023-3345 | The LMS by Masteriyo WordPress plugin before 1.6.8 does not properly safeguard sensitive user information, like other users' email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3345
CVE-2023-3507 | The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged in admins cancel arbitrary pre-orders via a CSRF attack | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3507
CVE-2023-3508 | The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when processing its tab actions, which could allow attackers to make logged in admins email pre-orders customer, change the released date, mark all pre-orders of a specific product as complete or cancel via CSRF attacks | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3508
CVE-2020-21881 | Cross Site Request Forgery (CSRF) vulnerability in admin.php in DuxCMS 2.1 allows remote attackers to modify application data via article/admin/content/add. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21881
CVE-2023-4052 | The Firefox updater created a directory writable by non-privileged users. When uninstalling Firefox, any files in that directory would be recursively deleted with the permissions of the uninstalling user account. This could be combined with creation of a junction (a form of symbolic link) to allow arbitrary file deletion controlled by the non-privileged user. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 115.1, and Thunderbird < 115.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4052
CVE-2023-4053 | A website could have obscured the full screen notification by using a URL with a scheme handled by an external program, such as a mailto URL. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 116. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4053
CVE-2023-31426 | The Brocade Fabric OS Commands “configupload” and “configdownload” before Brocade Fabric OS v9.1.1c, v8.2.3d, v9.2.0 print scp, sftp, ftp servers passwords in supportsave. This could allow a remote authenticated attacker to access sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31426
CVE-2023-3385 | An issue has been discovered in GitLab affecting all versions starting from 8.10 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. Under specific circumstances, a user importing a project 'from export' could access and read unrelated files via uploading a specially crafted file. This was due to a bug in `tar`, fixed in [`tar-1.35`](https://lists.gnu.org/archive/html/info-gnu/2023-07/msg00005.html). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3385
CVE-2023-3401 | An issue has been discovered in GitLab affecting all versions before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. The main branch of a repository with a specially designed name allows an attacker to create repositories with malicious code. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3401
CVE-2023-23476 | IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. IBM X-Force ID: 245425. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23476
CVE-2023-29407 | A maliciously-crafted image can cause excessive CPU consumption in decoding. A tiled image with a height of 0 and a very large width can cause excessive CPU consumption, despite the image size (width * height) appearing to be zero. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29407
CVE-2023-29408 | The TIFF decoder does not place a limit on the size of compressed tile data. A maliciously-crafted image can exploit this to cause a small image (both in terms of pixel width/height, and encoded size) to make the decoder decode large amounts of compressed data, consuming excessive memory and CPU. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29408
CVE-2023-3329 | SpiderControl SCADA Webserver versions 2.08 and prior are vulnerable to path traversal. An attacker with administrative privileges could overwrite files on the webserver using the HMI's upload file feature. This could create size zero files anywhere on the webserver, potentially overwriting system files and creating a denial-of-service condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3329
CVE-2023-33368 | Some API routes exist in Control ID IDSecure 4.7.26.0 and prior, exfiltrating sensitive information and passwords to users accessing these API routes. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33368
CVE-2023-4124 | Missing Authorization in GitHub repository answerdev/answer prior to v1.1.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4124
CVE-2023-3932 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3932
CVE-2023-37545 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37546, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549, CVE-2023-37550 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37545
CVE-2023-37546 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37547, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37546
CVE-2023-37547 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37548, CVE-2023-37549 and CVE-2023-37550 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37547
CVE-2023-37548 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37549 and CVE-2023-37550 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37548
CVE-2023-37549 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37550 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37549
CVE-2023-37550 | In multiple Codesys products in multiple versions, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpApp component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37545, CVE-2023-37546, CVE-2023-37547, CVE-2023-37548 and CVE-2023-37549. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37550
CVE-2023-37551 | In multiple Codesys products in multiple versions, after successful authentication as a user, specially crafted network communication requests can utilize the CmpApp component to download files with any file extensions to the controller. In contrast to the regular file download via CmpFileTransfer, no filtering of certain file types is performed here. As a result, the integrity of the CODESYS control runtime system may be compromised by the files loaded onto the controller. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37551
CVE-2023-37552 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37553, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37552
CVE-2023-37553 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37554, CVE-2023-37555 and CVE-2023-37556. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37553
CVE-2023-37554 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37555 and CVE-2023-37556. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37554
CVE-2023-37555 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37556. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37555
CVE-2023-37556 | In multiple versions of multiple Codesys products, after successful authentication as a user, specific crafted network communication requests with inconsistent content can cause the CmpAppBP component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37552, CVE-2023-37553, CVE-2023-37554 and CVE-2023-37555. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37556
CVE-2023-37557 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted remote communication requests can cause the CmpAppBP component to overwrite a heap-based buffer, which can lead to a denial-of-service condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37557
CVE-2023-37558 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37559 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37558
CVE-2023-37559 | After successful authentication as a user in multiple Codesys products in multiple versions, specific crafted network communication requests with inconsistent content can cause the CmpAppForce component to read internally from an invalid address, potentially leading to a denial-of-service condition. This vulnerability is different to CVE-2023-37558 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37559
CVE-2022-26838 | Path traversal vulnerability in Importing Mobile Device Data of Cybozu Remote Service 3.1.2 allows a remote authenticated attacker to cause a denial-of-service (DoS) condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26838
CVE-2023-3180 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3180
CVE-2023-4138 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4138
CVE-2023-4002 | An issue has been discovered in GitLab EE affecting all versions starting from 14.1 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for EE-licensed users to link any security policy project by its ID to projects or groups the user has access to, potentially revealing the security project's configured security policies. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4002
CVE-2022-41401 | OpenRefine <= v3.5.2 contains a Server-Side Request Forgery (SSRF) vulnerability, which permits unauthorized users to exploit the system, potentially leading to unauthorized access to internal resources and sensitive file disclosure. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41401
CVE-2023-39112 | ECShop v4.1.16 contains an arbitrary file deletion vulnerability in the Admin Panel. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39112
CVE-2023-38157 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38157
CVE-2023-35376 | Microsoft Message Queuing Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35376
CVE-2023-35377 | Microsoft Message Queuing Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35377
CVE-2023-35389 | Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35389
CVE-2023-36890 | Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36890
CVE-2023-36893 | Microsoft Outlook Spoofing Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36893
CVE-2023-36894 | Microsoft SharePoint Server Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36894
CVE-2023-36909 | Microsoft Message Queuing Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36909
CVE-2023-36913 | Microsoft Message Queuing Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36913
CVE-2023-38254 | Microsoft Message Queuing Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38254
CVE-2023-1611 | A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel. This flaw allows an attacker to crash the system and possibly cause a kernel information leak | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1611
| CVE-2023-1855 | A use-after-free flaw was found in xgene_hwmon_remove in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). This flaw could allow a local attacker to crash the system due to a race problem. This vulnerability could even lead to a kernel information leak problem. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1855 |
| CVE-2023-38745 | Pandoc before 3.1.6 allows arbitrary file write: this can be triggered by providing a crafted image element in the input when generating files via the --extract-media option or outputting to PDF format. This allows an attacker to create or overwrite arbitrary files, depending on the privileges of the process running Pandoc. It only affects systems that pass untrusted user input to Pandoc and allow Pandoc to be used to produce a PDF or with the --extract-media option. NOTE: this issue exists because of an incomplete fix for CVE-2023-35936 (failure to properly account for double encoded path names). | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38745 |
| CVE-2023-2685 | A vulnerability was found in AO-OPC server versions mentioned above. As the directory information for the service entry is not enclosed in quotation marks, potential attackers could possibly call up another application than the AO-OPC server by starting the service. The service might be started with system user privileges which could cause a shift in user access privileges. It is unlikely to exploit the vulnerability in well maintained Windows installations since the attacker would need write access to system folders. An update is available that resolves the vulnerability found during an internal review in the product AO-OPC = 3.2.1 | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2685 |
| CVE-2022-4909 | Inappropriate implementation in XML in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to potentially perform an ASLR bypass via a crafted HTML page. (Chromium security severity: Low) | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4909 |
| CVE-2023-3739 | Insufficient validation of untrusted input in Chromad in Google Chrome on ChromeOS prior to 115.0.5790.131 allowed a remote attacker to execute arbitrary code via a crafted shell script. (Chromium security severity: Low) | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3739 |
| CVE-2023-36869 | Azure DevOps Server Spoofing Vulnerability | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36869 |
| CVE-2018-20982 | The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-20982 |
| CVE-2020-11731 | The Media Library Assistant plugin before 2.82 for WordPress suffers from multiple XSS vulnerabilities in all Settings/Media Library Assistant tabs, which allow remote authenticated users to execute arbitrary JavaScript. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-11731 |
| CVE-2021-28359 | The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-28359 |
| CVE-2021-28461 | Dynamics Finance and Operations Cross-site Scripting Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-28461 |
| CVE-2021-35232 | Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-35232 |
| CVE-2021-24909 | The ACF Photo Gallery Field WordPress plugin before 1.7.5 does not sanitise and escape the post parameter in the includes/acf_photo_gallery_metabox_edit.php file before outputting back in an attribute, leading to a Reflected Cross-Site Scripting issue | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-24909 |
| CVE-2022-36965 | Insufficient sanitization of inputs in QoE application input field could lead to stored and DOM-based XSS attack. This issue is fixed and released in SolarWinds Platform (2022.3.0). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36965 |
| CVE-2022-38114 | This vulnerability occurs when a web server fails to correctly process the Content-Length of POST requests. This can lead to HTTP request smuggling or XSS. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-38114 |
| CVE-2022-47509 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject HTML. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47509 |
| CVE-2023-1890 | The Tablesome WordPress plugin before 1.0.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1890 |
| CVE-2023-2605 | The wpbrutalai WordPress plugin before 2.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against logged-in high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2605 |
| CVE-2023-3139 | The Protect WP Admin WordPress plugin before 4.0 discloses the URL of the admin panel via a redirection of a crafted URL, bypassing the protection offered. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3139 |
| CVE-2023-37150 | Sourcecodester Online Pizza Ordering System v1.0 has a Cross-site scripting (XSS) vulnerability in "/admin/index.php?page=categories" Category item. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37150 |
| CVE-2023-37153 | KodExplorer 4.51 contains a Cross-Site Scripting (XSS) vulnerability in the Description box of the Light App creation feature. An attacker can exploit this vulnerability by injecting XSS syntax into the Description field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37153 |
| CVE-2023-33231 | XSS attack was possible in DPA 2023.2 due to insufficient input validation | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33231 |
| CVE-2023-32624 | Cross-site scripting vulnerability in TS Webfonts for SAKURA 3.1.0 and earlier allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32624 |
| CVE-2023-25841 | There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser. Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25841 |
| CVE-2023-36501 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Michael Winkler teachPress plugin <= 9.0.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36501 |
| CVE-2023-38435 | An improper neutralization of input during web page generation ('Cross-site Scripting') [CWE-79] vulnerability in Apache Felix Healthcheck Webconsole Plugin version 2.0.2 and prior may allow an attacker to perform a reflected cross-site scripting (XSS) attack. Upgrade to Apache Felix Healthcheck Webconsole Plugin 2.1.0 or higher. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38435 |
| CVE-2020-35698 | Thinkific Thinkific Online Course Creation Platform 1.0 is affected by: Cross Site Scripting (XSS). The impact is: execute arbitrary code (remote). The component is: Affected Source code of the website CMS which is been used by many to host their online courses using the Thinkific Platform. The attack vector is: To exploit the vulnerability any user has to just visit the link - https://hacktify.thinkific.com/account/billing?success=%E2%80%AA%3Cscript%3Ealert(1)%3C/script%3E. Thinkific is a Website based Learning Platform Product which is used by thousands of users worldwide. There is a Cross Site Scripting (XSS) based vulnerability in the code of the CMS where any attacker can execute a XSS attack. Proof of Concept & Steps to Reproduce: Step1 : Go to Google.com Step 2 : Search for this Dork site:thinkific.com -www Step 3 : You will get a list of websites which are running on the thinkific domains. Step 4 : Create account and signin in any of the website Step 5 : Add this endpoint at the end of the domain and you will see that there is a XSS Alert /account/billing?success=%E2%80%AA--redacted-- Step 6 : Choose any domains from google for any website this exploit will work on all the websites as it is a code based flaw in the CMS Step 7 : Thousands of websites are vulnerable due to this vulnerable code in the CMS itself which is giving rise to the XSS attack | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-35698 |
| CVE-2022-31458 | RTX TRAP v1.0 was discovered to be vulnerable to host header poisoning. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31458 |
| CVE-2023-38500 | TYPO3 HTML Sanitizer is an HTML sanitizer, written in PHP, aiming to provide cross-site-scripting-safe markup based on explicitly allowed tags, attributes and values. Starting in version 1.0.0 and prior to versions 1.5.1 and 2.1.2, due to an encoding issue in the serialization layer, malicious markup nested in a `noscript` element was not encoded correctly. `noscript` is disabled in the default configuration, but might have been enabled in custom scenarios. This allows bypassing the cross-site scripting mechanism of TYPO3 HTML Sanitizer. Versions 1.5.1 and 2.1.2 fix the problem. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38500 |
| CVE-2023-38501 | copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting via URL-parameter `?k304=...` and `?setck=...`. The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of the person who clicks the malicious link. It is recommended to change the passwords of one's copyparty accounts, unless one has inspected one's logs and found no trace of attacks. Version 1.8.7 contains a patch for the issue. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38501 |
| CVE-2023-3945 | A vulnerability was found in phpscriptpoint Lawyer 1.6. It has been classified as problematic. This affects an unknown part of the file search.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The identifier VDB-235401 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3945 |
| CVE-2023-3946 | A reflected cross-site scripting (XSS) vulnerability in ePO prior to 5.10 SP1 Update 1 allows a remote unauthenticated attacker to potentially obtain access to an ePO administrator's session by convincing the authenticated ePO administrator to click on a carefully crafted link. This would lead to limited access to sensitive information and limited ability to alter some information in ePO. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3946 |
| CVE-2022-43711 | Interactive Forms (IAF) in GX Software XperienCentral versions 10.29.1 until 10.33.0 was vulnerable to cross site scripting attacks (XSS) because the CSP header uses eval() in the script-src. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-43711 |
| CVE-2023-37624 | Netdisco before v2.063000 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37624 |
| CVE-2023-28013 | HCL Verse is susceptible to a Reflected Cross Site Scripting (XSS) vulnerability. By tricking a user into entering crafted markup a remote, unauthenticated attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28013 |
| CVE-2023-37981 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPKube Authors List plugin <= 2.0.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37981 |
| CVE-2023-37894 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Images Gallery for WooCommerce plugin <= 2.3.3 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37894 |
| CVE-2023-37975 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RadiusTheme Variation Swatches for WooCommerce plugin <= 2.3.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37975 |
| CVE-2023-37976 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Radio Forge Muses Player with Skins plugin <= 2.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37976 |
| CVE-2023-37977 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFunnels Team Drag & Drop Sales Funnel Builder for WordPress – WPFunnels plugin <= 2.7.16 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37977 |
| CVE-2023-37979 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Saturday Drive Ninja Forms Contact Form plugin <= 3.6.25 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37979 |
| CVE-2023-3973 | Cross-site Scripting (XSS) - Reflected in GitHub repository jgraph/drawio prior to 21.6.3. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3973 |
| CVE-2021-36580 | Open Redirect vulnerability exists in IceWarp MailServer IceWarp Server Deep Castle 2 Update 1 (13.0.1.2) via the referer parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-36580 |
| CVE-2023-36941 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the team name, leader, and member fields. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36941 |
| CVE-2022-31200 | Atmail 5.62 allows XSS via the mail/parse.php?file=html/$this-%3ELanguage/help/filexp.html&FirstLoad=1&HelpFile=file.html Search Terms field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31200 |
| CVE-2023-36942 | A cross-site scripting (XSS) vulnerability in PHPGurukul Online Fire Reporting System Using PHP and MySQL 1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the website title field. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36942 |
| CVE-2022-31454 | Yii 2 v2.0.45 was discovered to contain a cross-site scripting (XSS) vulnerability via the endpoint /books. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-31454 |
| CVE-2023-32445 | This issue was addressed with improved checks. This issue is fixed in Safari 16.6, watchOS 9.6, iOS 15.7.8 and iPadOS 15.7.8, tvOS 16.6, iOS 16.6 and iPadOS 16.6, macOS Ventura 13.5. Processing a document may lead to a cross site scripting attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32445 |
| CVE-2023-3989 | A vulnerability was found in SourceCodester Jewelry Store System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file add_customer.php. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-235610 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3989 |
| CVE-2023-3990 | A vulnerability classified as problematic has been found in Mingsoft MCMS up to 5.3.1. This affects an unknown part of the file search.do of the component HTTP POST Request Handler. The manipulation of the argument style leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-235611. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3990 |
| CVE-2023-0602 | The Twittee Text Tweet WordPress plugin through 1.0.8 does not properly escape POST values which are printed back to the user inside one of the plugin's administrative pages, which allows reflected XSS attacks targeting administrators to happen. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0602 |
| CVE-2023-3134 | The Forminator WordPress plugin before 1.24.4 does not properly escape values that are being reflected inside form fields that use pre-populated query parameters, which could lead to reflected XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3134 |
| CVE-2023-3292 | The grid-kit-premium WordPress plugin before 2.2.0 does not escape some parameters as well as generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3292 |
| CVE-2023-35791 | Vound Intella Connect 2.6.0.3 has an Open Redirect vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-35791 |
| CVE-2023-35792 | Vound Intella Connect 2.6.0.3 is vulnerable to stored Cross-site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-35792 |
| CVE-2023-38305 | An issue was discovered in Webmin 2.021. The download functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a crafted download path containing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when the download link is accessed. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38305 |
| CVE-2023-38306 | An issue was discovered in Webmin 2.021. A Cross-site Scripting (XSS) Bypass vulnerability was discovered in the file upload functionality. Normally, the application restricts the upload of certain file types such as .svg, .php, etc., and displays an error message if a prohibited file type is detected. However, by following certain steps, an attacker can bypass these restrictions and inject malicious code. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38306 |
| CVE-2023-38308 | An issue was discovered in Webmin 2.021. A Cross-Site Scripting (XSS) vulnerability was discovered in the HTTP Tunnel functionality when handling third-party domain URLs. By providing a crafted URL from a third-party domain, an attacker can inject malicious code, leading to the execution of arbitrary JavaScript code within the context of the victim's browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38308 |
| CVE-2023-38309 | An issue was discovered in Webmin 2.021. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the package search functionality. The vulnerability allows an attacker to inject a malicious payload in the "Search for Package" field, which gets reflected back in the application's response, leading to the execution of arbitrary JavaScript code within the context of the victim's browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38309 |
| CVE-2023-34916 | Fuge CMS v1.0 contains an Open Redirect vulnerability via /front/ProcessAct.java. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34916 |
| CVE-2023-34917 | Fuge CMS v1.0 contains an Open Redirect vulnerability in member/RegisterAct.java. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34917 |
| CVE-2023-37580 | Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37580 |
| CVE-2023-23548 | Reflected XSS in business intelligence in Checkmk <2.2.0p8, <2.1.0p32, <2.0.0p38, <=1.6.0p30. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-23548 |
| CVE-2023-33560 | There is a Cross Site Scripting (XSS) vulnerability in "cid" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33560 |
| CVE-2023-33564 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Time Slots Booking Calendar v3.3. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33564 |
| CVE-2023-34869 | PHPJabbers Catering System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /index.php?controller=pjAdmin&action=pjActionForgot. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34869 |
| CVE-2023-31928 | A reflected cross-site scripting (XSS) vulnerability exists in Brocade Webtools PortSetting.html of Brocade Fabric OS version before Brocade Fabric OS v9.2.0 that could allow a remote unauthenticated attacker to execute arbitrary JavaScript code in a target user’s session with the Brocade Webtools application. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-31928 |
| CVE-2023-3500 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A reflected XSS was possible when creating specific PlantUML diagrams that allowed the attacker to perform arbitrary actions on behalf of victims. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3500 |
| CVE-2023-4067 | The Bus Ticket Booking with Seat Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab_date' and 'tab_date_r' parameters in versions up to, and including, 5.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4067 |
| CVE-2023-26316 | An XSS vulnerability exists in the Xiaomi cloud service Application product. The vulnerability is caused by Webview's whitelist checking function allowing javascript protocol to be loaded and can be exploited by attackers to steal Xiaomi cloud service account's cookies. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26316 |
| CVE-2023-38138 | A reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38138 |
| CVE-2023-3470 | Specific F5 BIG-IP platforms with Cavium Nitrox FIPS HSM cards generate a deterministic password for the Crypto User account. The predictable nature of the password allows an authenticated user with TMSH access to the BIG-IP system, or anyone with physical access to the FIPS HSM, the information required to generate the correct password. On vCMP systems, all Guests share the same deterministic password, allowing those with TMSH access on one Guest to access keys of a different Guest. The following BIG-IP hardware platforms are affected: 10350v-F, i5820-DF, i7820-DF, i15820-DF, 5250v-F, 7200v-F, 10200v-F, 6900-F, 8900-F, 11000-F, and 11050-F. The BIG-IP rSeries r5920-DF and r10920-DF are not affected, nor does the issue affect software FIPS implementations or network HSM configurations. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3470 |
| CVE-2023-3978 | Text nodes not in the HTML namespace are incorrectly literally rendered, causing text which should be escaped to not be. This could lead to an XSS attack. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3978 |
| CVE-2020-20808 | Cross Site Scripting vulnerability in Qibosoft qibosoft v.7 and before allows a remote attacker to execute arbitrary code via the eindtijd and starttijd parameters of do/search.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-20808 |
| CVE-2023-4110 | A vulnerability has been found in PHP Jabbers Availability Booking Calendar 5.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument session_id leads to cross site scripting. The attack can be launched remotely. The identifier VDB-235957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4110 |
| CVE-2023-4111 | A vulnerability was found in PHP Jabbers Bus Reservation System 1.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index/pickup_id leads to cross site scripting. The attack may be launched remotely. VDB-235958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4111 |
| CVE-2023-4112 | A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-235959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4112 |
| CVE-2023-4113 | A vulnerability was found in PHP Jabbers Service Booking Script 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-235960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4113 |
| CVE-2023-4114 | A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-235961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4114 |
| CVE-2023-4115 | A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument index leads to cross site scripting. It is possible to launch the attack remotely. VDB-235962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4115 |
| CVE-2023-4116 | A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-235963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4116 |
| CVE-2023-4117 | A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument index leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-235964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4117 |
| CVE-2023-4118 | A vulnerability, which was classified as problematic, was found in Cute Http File Server 2.0. This affects an unknown part of the component Search. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4118 |
| CVE-2023-4119 | A vulnerability has been found in Academy LMS 6.0 and classified as problematic. This vulnerability affects unknown code of the file /academy/home/courses. The manipulation of the argument query/sort_by leads to cross site scripting. The attack can be initiated remotely. VDB-235966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4119 |
| CVE-2023-4136 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS. This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4136 |
| CVE-2023-30958 | A security defect was identified in Foundry Frontend that enabled users to potentially conduct DOM XSS attacks if Foundry's CSP were to be bypassed. This defect was resolved with the release of Foundry Frontend 6.225.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30958 |
| CVE-2023-37499 | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out in a certain field of the Unica Platform. An attacker could hijack a user's session and perform other attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37499 |
| CVE-2023-37500 | A Persistent Cross-site Scripting (XSS) vulnerability can be carried out on certain pages of Unica Platform. An attacker could hijack a user's session and perform other attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37500 |
| CVE-2023-37501 | A Persistent XSS vulnerability can be carried out in a certain field of Unica Campaign. An attacker could hijack a user's session and perform other attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37501 |
| CVE-2023-36137 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Class Scheduling System 1.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36137 |
| CVE-2023-36138 | PHPJabbers Cleaning Business Software 1.0 is vulnerable to Cross Site Scripting (XSS) via the theme parameter of preview.php. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36138 |
| CVE-2023-36158 | Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36158 |
| CVE-2023-36159 | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36159 |
| CVE-2023-38964 | Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38964 |
| CVE-2023-39552 | PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to Cross-Site Scripting (XSS). | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39552 |
| CVE-2023-3652 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS. This issue affects E-Commerce Software: before 11. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3652 |
| CVE-2023-3653 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS. This issue affects E-Commerce Software: before 11. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3653 |
CVE-2022-0536Improper Removal of Sensitive Information Before Storage or Transfer in NPM follow-redirects prior to 1.14.8.\n\n5.9https://nvd.nist.gov/vuln/detail/CVE-2022-0536
CVE-2022-2891The WP 2FA WordPress plugin before 2.3.0 uses comparison operators that don't mitigate time-based attacks, which could be abused to leak information about the authentication codes being compared.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-2891
CVE-2022-3206The Passster WordPress plugin before 3.5.5.5.2 stores the password inside a cookie named "passster" using base64 encoding method which is easy to decode. This puts the password at risk in case the cookies get leaked.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-3206
CVE-2023-28320A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-28320
CVE-2023-28321An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-28321
CVE-2021-31294Redis before 6cbea7d allows a replica to cause an assertion failure in a primary server by sending a non-administrative command (specifically, a SET command). NOTE: this was fixed for Redis 6.2.x and 7.x in 2021. Versions before 6.2 were not intended to have safety guarantees related to this.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-31294
CVE-2023-3782DoS of the OkHttp client when using a BrotliInterceptor and surfing to a malicious web server, or when an attacker can perform MitM to inject a Brotli zip-bomb into an HTTP response.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-3782
CVE-2022-2127An out-of-bounds read vulnerability was found in Samba due to insufficient length checks in winbindd_pam_auth_crap.c. When performing NTLM authentication, the client replies to cryptographic challenges back to the server. These replies have variable lengths, and Winbind fails to check the lan manager response length. When Winbind is used for NTLM authentication, a maliciously crafted request can trigger an out-of-bounds read in Winbind, possibly resulting in a crash.5.9https://nvd.nist.gov/vuln/detail/CVE-2022-2127
CVE-2023-3347A vulnerability was found in Samba's SMB2 packet signing mechanism. The SMB2 packet signing is not enforced if an admin configured "server signing = required" or for SMB2 connections to Domain Controllers where SMB2 packet signing is mandatory. This flaw allows an attacker to perform attacks, such as a man-in-the-middle attack, by intercepting the network traffic and modifying the SMB2 messages between client and server, affecting the integrity of the data.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-3347
CVE-2023-3242Allocation of Resources Without Limits or Throttling, Improper Initialization vulnerability in B&R Industrial Automation B&R Automation Runtime allows Flooding, Leveraging Race Conditions. This issue affects B&R Automation Runtime: <G4.93.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-3242
CVE-2023-32427This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in Apple Music 4.2.0 for Android. An attacker in a privileged network position may be able to intercept network traffic.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-32427
CVE-2023-4049Race conditions in reference counting code were found through code inspection. These could have resulted in potentially exploitable use-after-free vulnerabilities. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-4049
CVE-2023-4127Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-4127
CVE-2022-3225Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.5.7https://nvd.nist.gov/vuln/detail/CVE-2022-3225
CVE-2023-28261Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2023-28261
CVE-2023-3348The Wrangler command line tool (<=wrangler@3.1.0) was affected by a directory traversal vulnerability when running a local development server for Pages (wrangler pages dev command). This vulnerability enabled an attacker in the same network as the victim to connect to the local development server and access the victim's files present outside of the directory for the development server.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-3348
CVE-2023-36908Windows Hyper-V Information Disclosure Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2023-36908
CVE-2018-1002200plexus-archiver before 3.6.0 is vulnerable to directory traversal, allowing attackers to write to arbitrary files via a ../ (dot dot slash) in an archive entry that is mishandled during extraction. This vulnerability is also known as 'Zip-Slip'.5.5https://nvd.nist.gov/vuln/detail/CVE-2018-1002200
CVE-2021-28479Windows CSC Service Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-28479
CVE-2021-31174Microsoft Excel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31174
CVE-2021-31178Microsoft Office Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31178
CVE-2021-31184Microsoft Windows Infrared Data Association (IrDA) Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31184
CVE-2021-31185Windows Desktop Bridge Denial of Service Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31185
CVE-2021-31191Windows Projected File System FS Filter Driver Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2021-31191
CVE-2022-47512Sensitive information was stored in plain text in a file that is accessible by a user with a local account in Hybrid Cloud Observability (HCO)/ SolarWinds Platform 2022.4. No other versions are affected.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-47512
CVE-2022-41684A heap out of bounds read vulnerability exists in the OpenImageIO master-branch-9aeece7a when parsing the image file directory part of a PSD image file. A specially-crafted .psd file can cause a read of arbitrary memory address which can lead to denial of service. An attacker can provide a malicious file to trigger this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-41684
CVE-2023-1055A flaw was found in RHDS 11 and RHDS 12. While browsing entries, LDAP tries to decode the userPassword attribute instead of the userCertificate attribute, which could lead to sensitive information being leaked. An attacker with a local account where the cockpit-389-ds is running can list the processes and display the hashed passwords. The highest threat from this vulnerability is to data confidentiality.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1055
CVE-2023-1583A NULL pointer dereference was found in io_file_bitmap_get in io_uring/filetable.c in the io_uring sub-component in the Linux Kernel. When fixed files are unregistered, some context information (file_alloc_{start,end} and alloc_hint) is not cleared. A subsequent request that has auto index selection enabled via IORING_FILE_INDEX_ALLOC can cause a NULL pointer dereference. An unprivileged user can use the flaw to cause a system crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1583
CVE-2022-24350An issue was discovered in IhisiSmm in Insyde InsydeH2O with kernel 5.0 through 5.5. IHISI function 0x17 verifies that the output buffer lies within the command buffer but does not verify that output data does not go beyond the end of the command buffer. In particular, the GetFlashTable function is called directly on the Command Buffer before the DataSize is checked, leading to possible circumstances where the data immediately following the command buffer could be destroyed before returning a buffer size error.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-24350
CVE-2023-30985A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain an out of bounds read past the end of an allocated buffer while parsing a specially crafted OBJ file. This vulnerability could allow an attacker to disclose sensitive information. (ZDI-CAN-19426)5.5https://nvd.nist.gov/vuln/detail/CVE-2023-30985
CVE-2023-2609NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2609
CVE-2023-3355A NULL pointer dereference flaw was found in the Linux kernel's drivers/gpu/drm/msm/msm_gem_submit.c code in the submit_lookup_cmds function, which fails because it lacks a check of the return value of kmalloc(). This issue allows a local user to crash the system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-3355
CVE-2023-2908A null pointer dereference issue was found in Libtiff's tif_dir.c file. This issue may allow an attacker to pass a crafted TIFF image file to the tiffcp utility which triggers a runtime error that causes undefined behavior. This will result in an application crash, eventually leading to a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-2908
CVE-2023-3745A heap-based buffer overflow issue was found in ImageMagick's PushCharPixel() function in quantum-private.h. This issue may allow a local attacker to trick the user into opening a specially crafted file, triggering an out-of-bounds read error and allowing an application to crash, resulting in a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-3745
CVE-2023-20593An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-20593
CVE-2023-39128GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39128
CVE-2023-39129GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39129
CVE-2023-39130GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39130
CVE-2023-37732Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-37732
CVE-2023-35983This issue was addressed with improved data protection. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35983
CVE-2023-36862A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Ventura 13.5. An app may be able to determine a user’s current location.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36862
CVE-2023-38258The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38258
CVE-2023-38259A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38259
CVE-2023-38421The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.5, macOS Monterey 12.6.8. Processing a 3D model may result in disclosure of process memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38421
CVE-2023-38593A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.6.8, iOS 16.6 and iPadOS 16.6, macOS Big Sur 11.7.9, macOS Ventura 13.5, watchOS 9.6. An app may be able to cause a denial-of-service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38593
CVE-2023-38602A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.6.8, macOS Ventura 13.5, macOS Big Sur 11.7.9. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38602
CVE-2023-38608The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.5. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38608
CVE-2023-28203The issue was addressed with improved checks. This issue is fixed in Apple Music 4.2.0 for Android. An app may be able to access contacts.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-28203
CVE-2023-3488Uninitialized buffer in GBL parser in Silicon Labs GSDK v4.3.0 and earlier allows attacker to leak data from Secure stack via malformed GBL file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-3488
CVE-2023-34872A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-34872
CVE-2023-4054When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4054
CVE-2023-38559A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle() in ghostscript. This issue may allow a local attacker to cause a denial of service via outputting a crafted PDF file for a DEVN device with gs.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38559
CVE-2023-38560An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38560
CVE-2023-31429Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability when using various commands such as “chassisdistribute”, “reboot”, “rasman”, errmoduleshow, errfilterset, hassiscfgperrthreshold, supportshowcfgdisable and supportshowcfgenable commands that can cause the content of shell interpreted variables to be printed in the terminal.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31429
CVE-2023-31428Brocade Fabric OS before Brocade Fabric OS v9.1.1c, v9.2.0 contains a vulnerability in the command line that could allow a local user to dump files under user's home directory using grep.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31428
CVE-2023-31430A buffer overflow vulnerability in “secpolicydelete” command in Brocade Fabric OS before Brocade Fabric OS v9.1.1c and v9.2.0 could allow an authenticated privileged user to crash the Brocade Fabric OS switch leading to a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31430
CVE-2023-31431A buffer overflow vulnerability in “diagstatus” command in Brocade Fabric OS before Brocade Fabric v9.2.0 and v9.1.1c could allow an authenticated user to crash the Brocade Fabric OS switch leading to a denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31431
CVE-2023-4016Under some circumstances, this weakness allows a user who has access to run the “ps” utility on a machine, the ability to write almost unlimited amounts of unfiltered data into the process heap.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4016
CVE-2023-26441Cacheservice did not correctly check if relative cache objects were pointing to the defined absolute location when accessing resources. An attacker with access to the database and a local or restricted network would be able to read arbitrary local file system resources that are accessible by the services system user account. We have improved path validation and make sure that any access is contained to the defined root directory. No publicly available exploits are known.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-26441
CVE-2023-36858An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36858
CVE-2023-39113ngiflib commit fb271 was discovered to contain a segmentation violation via the function "main" at gif2tag.c. This vulnerability is triggered when running the program gif2tga.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39113
CVE-2023-39114ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39114
CVE-2023-4132A use-after-free vulnerability was found in the siano smsusb module in the Linux kernel. The bug occurs during device initialization when the siano device is plugged in. This flaw allows a local user to crash the system, causing a denial of service condition.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4132
CVE-2023-4133A use-after-free vulnerability was found in the cxgb4 driver in the Linux kernel. The bug occurs when the cxgb4 device is detaching due to a possible rearming of the flower_stats_timer from the work queue. This flaw allows a local user to crash the system, causing a denial of service condition.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4133
CVE-2023-36889Windows Group Policy Security Feature Bypass Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36889
CVE-2023-36905Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36905
CVE-2023-36906Windows Cryptographic Services Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36906
CVE-2023-36907Windows Cryptographic Services Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36907
CVE-2023-36914Windows Smart Card Resource Management Server Security Feature Bypass Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36914
CVE-2022-0178Missing Authorization vulnerability in snipe snipe/snipe-it. This issue affects snipe/snipe-it before 5.3.8.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0178
CVE-2022-23269Microsoft Dynamics GP Spoofing Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2022-23269
CVE-2022-0837The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia SMS service, allowing any customer to send paid test SMS notifications as well as retrieve sensitive information about the admin, such as the email, account balance and payment history. A malicious actor can abuse this vulnerability to drain the account balance by repeatedly sending SMS notifications.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0837
CVE-2022-0398The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as a subscriber, to create arbitrary affiliate links, which could then be used to redirect users to an arbitrary website.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-0398
CVE-2022-36966Users with Node Management rights were able to view and edit all nodes due to insufficient control on a URL parameter, causing an insecure direct object reference (IDOR) vulnerability in SolarWinds Platform 2022.3 and previous.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-36966
CVE-2022-38106This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38106
CVE-2022-38110In Database Performance Analyzer (DPA) 2022.4 and older releases, certain URL vectors are susceptible to authenticated reflected cross-site scripting.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-38110
CVE-2021-34475Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2021-34475
CVE-2021-45094Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-45094
CVE-2023-25836There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are low.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-25836
CVE-2023-38057An improper input validation vulnerability in OTRS Survey modules allows any attacker with a link to a valid and unanswered survey request to inject javascript code in free text answers. This allows a cross site scripting attack while reading the replies as authenticated agent. This issue affects OTRS Survey module from 7.0.X before 7.0.32, from 8.0.X before 8.0.13 and ((OTRS)) Community Edition Survey module from 6.0.X through 6.0.22.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38057
CVE-2022-28865An issue was discovered in Nokia NetAct 22 through the Site Configuration Tool website section. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-28865
CVE-2022-28867An issue was discovered in Nokia NetAct 22 through the Administration of Measurements website section. A malicious user can edit or add the templateName parameter in order to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /aom/html/EditTemplate.jsf and /aom/html/ViewAllTemplatesPage.jsf templateName parameter is used.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-28867
CVE-2023-3384A flaw was found in the Quay registry. While the image labels created through Quay undergo validation both in the UI and backend by applying a regex (validation.py), the same validation is not performed when the label comes from an image. This flaw allows an attacker to publish a malicious image to a public registry containing a script that can be executed via Cross-site scripting (XSS).5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3384
CVE-2023-35929Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-35929
CVE-2023-36806Contao is an open source content management system. Starting in version 4.0.0 and prior to versions 4.9.42, 4.13.28, and 5.1.10, it is possible for untrusted backend users to inject malicious code into headline fields in the back end, which will be executed both in the element preview (back end) and on the website (front end). Installations are only affected if there are untrusted back end users who have the rights to modify headline fields, or other fields using the input unit widget. Contao 4.9.42, 4.13.28, and 5.1.10 have a patch for this issue. As a workaround, disable the login for all untrusted back end users.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36806
CVE-2023-37919Cal.com is open-source scheduling software. A vulnerability allows active sessions associated with an account to remain active even after enabling 2FA. When activating 2FA on a Cal.com account that is logged in on two or more devices, the account stays logged in on the other device(s) without having to verify the account owner's identity. As of time of publication, no known patches or workarounds exist.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37919
CVE-2023-39151Jenkins 2.415 and earlier, LTS 2.401.2 and earlier does not sanitize or properly encode URLs in build logs when transforming them into hyperlinks, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control build log contents.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-39151
CVE-2023-31466An XSS issue was discovered in FSMLabs TimeKeeper 8.0.17. On the "Configuration -> Compliance -> Add a new compliance report" and "Configuration -> Timekeeper Configuration -> Add a new source there" screens, there are entry points to inject JavaScript code.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-31466
CVE-2023-37692An arbitrary file upload vulnerability in October CMS v3.4.4 allows attackers to execute arbitrary code via a crafted file.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37692
CVE-2023-28014HCL BigFix Mobile is vulnerable to a cross-site scripting attack. An authenticated attacker could inject malicious scripts into the application.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-28014
CVE-2023-3969A vulnerability, which was classified as problematic, has been found in GZ Scripts Availability Booking Calendar PHP 1.0. Affected by this issue is some unknown functionality of the file index.php of the component HTTP POST Request Handler. The manipulation of the argument promo_code leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-235568.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3969
CVE-2023-3970A vulnerability, which was classified as problematic, was found in GZ Scripts Availability Booking Calendar PHP 1.0. This affects an unknown part of the file /index.php?controller=GzUser&action=edit&id=1 of the component Image Handler. The manipulation of the argument img leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-235569 was assigned to this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3970
CVE-2023-37970Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Matthew Fries MF Gig Calendar plugin <= 1.2 versions.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37970
CVE-2023-38491Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to upload an arbitrary file to the content folder. Kirby sites are not affected if they don't allow file uploads for untrusted users or visitors or if the file extensions of uploaded files are limited to a fixed safe list. The attack requires user interaction by another user or visitor and cannot be automated. An editor with write access to the Kirby Panel could upload a file with an unknown file extension like `.xyz` that contains HTML code including harmful content like `<script>` tags. The direct link to that file could be sent to other users or visitors of the site. If the victim opened that link in a browser where they are logged in to Kirby and the file had not been opened by anyone since the upload, Kirby would not be able to send the correct MIME content type, instead falling back to `text/html`. The browser would then run the script, which could for example trigger requests to Kirby's API with the permissions of the victim. The issue was caused by the underlying `Kirby\Http\Response::file()` method, which didn't have an explicit fallback if the MIME type could not be determined from the file extension. If you use this method in site or plugin code, these uses may be affected by the same vulnerability. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected method to use a fallback MIME type of `text/plain` and set the `X-Content-Type-Options: nosniff` header if the MIME type of the file is unknown.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38491
CVE-2023-38331Zoho ManageEngine Support Center Plus 14001 and below is vulnerable to stored XSS in the products module.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38331
CVE-2023-37467Discourse is an open source discussion platform. Prior to version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a CSP (Content Security Policy) nonce reuse vulnerability was discovered that could allow cross-site scripting (XSS) attacks to bypass CSP protection for anonymous (i.e. unauthenticated) users. There are no known XSS vectors at the moment, but should one be discovered, this vulnerability would allow the XSS attack to bypass CSP and execute successfully. This vulnerability isn't applicable to logged-in users. Version 3.1.0.beta7 contains a patch. The stable branch doesn't have this vulnerability. A workaround to prevent the vulnerability is to disable Google Tag Manager, i.e., unset the `gtm container id` setting.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37467
CVE-2022-4910Inappropriate implementation in Autofill in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)5.4https://nvd.nist.gov/vuln/detail/CVE-2022-4910
CVE-2023-4007Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4007
CVE-2023-22595IBM B2B Advanced Communications 1.0.0.0 and IBM Multi-Enterprise Integration Gateway 1.0.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 244076.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-22595
CVE-2023-34360A stored cross-site scripting (XSS) issue was discovered within the Custom User Icons functionality of ASUS RT-AX88U running firmware versions 3.0.0.4.388.23110 and prior. After logging in to the device with regular user privilege, a remote attacker can perform a Stored Cross-site Scripting (XSS) attack by uploading an image containing JavaScript code.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-34360
CVE-2023-38303An issue was discovered in Webmin 2.021. One can exploit a stored Cross-Site Scripting (XSS) attack to achieve Remote Command Execution (RCE) through the Users and Group's real name parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38303
CVE-2023-38304An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new group.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38304
CVE-2023-38307An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality. The vulnerability occurs when an authenticated user adds a new user and inserts an XSS payload into the user's real name.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38307
CVE-2023-38310An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the configuration settings of the system logs functionality. The vulnerability allows an attacker to store an XSS payload in the configuration settings of specific log files. This results in the execution of that payload whenever the affected log files are accessed.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38310
CVE-2023-38311An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the System Logs Viewer functionality. The vulnerability allows an attacker to store a malicious payload in the configuration field, triggering the execution of the payload when saving the configuration or when accessing the System Logs Viewer page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38311
CVE-2020-36763Cross Site Scripting (XSS) vulnerability in DuxCMS 2.1 allows remote attackers to run arbitrary code via the content, time, copyfrom parameters when adding or editing a post.5.4https://nvd.nist.gov/vuln/detail/CVE-2020-36763
CVE-2023-37496HCL Verse is susceptible to a Stored Cross Site Scripting (XSS) vulnerability. An attacker could execute script in a victim's web browser to perform operations as the victim and/or steal the victim's cookies, session tokens, or other sensitive information.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37496
CVE-2023-36211The Barebones CMS v2.0.2 is vulnerable to Stored Cross-Site Scripting (XSS) when an authenticated user interacts with certain features on the admin panel.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36211
CVE-2023-36118Cross Site Scripting vulnerability in Faculty Evaluation System using PHP/MySQLi v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the page parameter.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36118
CVE-2023-2164An issue has been discovered in GitLab affecting all versions starting from 15.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to trigger a stored XSS vulnerability via user interaction with a crafted URL in the WebIDE beta.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-2164
CVE-2023-36121Cross Site Scripting vulnerability in e107 v.2.3.2 allows a remote attacker to execute arbitrary code via the description function in the SEO project.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36121
CVE-2023-26445Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize the theme value and use a default fallback if no theme matches. No publicly available exploits are known.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26445
CVE-2023-26446The user's clientID at "application passwords" was not sanitized or escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize the user-controllable clientID parameter. No publicly available exploits are known.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26446
CVE-2023-26447The "upsell" widget for the portal allows specifying a product description. This description taken from a user-controllable jslob did not get escaped before being added to DOM. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize jslob content. No publicly available exploits are known.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26447
CVE-2023-26448Custom log-in and log-out locations are user-defined as jslob but were not checked to contain malicious protocol handlers. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We now sanitize jslob content for those locations to avoid redirects to malicious content. No publicly available exploits are known.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26448
CVE-2023-26449The "OX Chat" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26449
CVE-2023-26450The "OX Count" web service did not specify a media-type when processing responses by external resources. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and API. To exploit this an attacker would require temporary access to the user's account or lure a user to a compromised account. We are now defining the accepted media-type to avoid code execution. No publicly available exploits are known.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-26450
CVE-2023-33257Verint Engagement Management 15.3 Update 2023R2 is vulnerable to HTML injection via the user data form in the live chat.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-33257
CVE-2023-38423A cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38423
CVE-2023-36081Cross Site Scripting vulnerability in GatesAIr Flexiva FM Transmitter/Exciter v.FAX 150W allows a remote attacker to execute arbitrary code via a crafted script to the web application dashboard.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36081
CVE-2023-39096WebBoss.io CMS v3.7.0.1 contains a stored Cross-Site Scripting (XSS) vulnerability due to lack of input validation and output encoding.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-39096
CVE-2023-39097WebBoss.io CMS v3.7.0.1 contains a stored cross-site scripting (XSS) vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-39097
CVE-2023-4145Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/customer-data-framework prior to 3.4.2.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4145
CVE-2023-20204A vulnerability in the web-based management interface of Cisco BroadWorks CommPilot Application Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-20204
CVE-2023-38991An issue in the delete function in the ActModelController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete models created by the Administrator.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38991
CVE-2023-4158Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.3.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4158
CVE-2023-35384Windows HTML Platforms Security Feature Bypass Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-35384
CVE-2020-28388A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions < V5.2), Nucleus ReadyStart V3 (All versions < V2012.12), Nucleus Source Code (All versions), PLUSCONTROL 1st Gen (All versions), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). Initial Sequence Numbers (ISNs) for TCP connections are derived from an insufficiently random source. As a result, the ISN of current and future TCP connections could be predictable. An attacker could hijack existing sessions or spoof future ones.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-28388
CVE-2021-25677A vulnerability has been identified in APOGEE PXC Compact (BACnet) (All versions < V3.5.5), APOGEE PXC Compact (P2 Ethernet) (All versions < V2.8.20), APOGEE PXC Modular (BACnet) (All versions < V3.5.5), APOGEE PXC Modular (P2 Ethernet) (All versions < V2.8.20), Nucleus NET (All versions), Nucleus ReadyStart V3 (All versions < V2017.02.3), Nucleus ReadyStart V3 (All versions < V2017.02.4), Nucleus ReadyStart V4 (All versions < V4.1.0), Nucleus Source Code (Versions including affected DNS modules), SIMOTICS CONNECT 400 (All versions < V0.5.0.0), SIMOTICS CONNECT 400 (All versions >= V0.5.0.0 < V1.0.0.0), TALON TC Compact (BACnet) (All versions < V3.5.5), TALON TC Modular (BACnet) (All versions < V3.5.5). The DNS client does not properly randomize DNS transaction IDs. That could allow an attacker to poison the DNS cache or spoof DNS resolving.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-25677
CVE-2021-31173Microsoft SharePoint Server Information Disclosure Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2021-31173
CVE-2022-0140The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-0140
CVE-2022-1893Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository polonel/trudesk prior to 1.2.3.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-1893
CVE-2022-28666Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1.7.7 at WordPress leading to &yikes-the-content-toggle option update.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-28666
CVE-2022-2834The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly accessible location with guessable names, which could allow attackers to download them and retrieve sensitive information such as IP, Names and Email Address depending on the plugin's settings.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-2834
CVE-2022-38107Sensitive information could be displayed when a detailed technical error message is posted. This information could disclose environmental details.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-38107
CVE-2022-41618Unauthenticated Error Log Disclosure vulnerability in Media Library Assistant plugin <= 3.00 on WordPress.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41618
CVE-2021-35246The application fails to prevent users from connecting to it over unencrypted connections. An attacker able to modify a legitimate user's network traffic could bypass the application's use of SSL/TLS encryption and use the application as a platform for attacks against its users.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-35246
CVE-2022-38113This vulnerability discloses build and services versions in the server response header.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-38113
CVE-2022-38115Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-38115
CVE-2022-41717An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41717
CVE-2022-3482An improper access control issue in GitLab CE/EE affecting all versions from 11.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allowed an unauthorized user to see release names even when releases were set to be restricted to project members only.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-3482
CVE-2023-1258Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ABB Flow-X firmware on Flow-X embedded hardware (web service modules) allows Footprinting. This issue affects Flow-X: before 4.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-1258
CVE-2023-32675Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-32675
CVE-2023-32732gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url 5.3https://nvd.nist.gov/vuln/detail/CVE-2023-32732
CVE-2023-33201Bouncy Castle For Java before 1.74 is affected by an LDAP injection vulnerability. The vulnerability only affects applications that use an LDAP CertStore from Bouncy Castle to validate X.509 certificates. During the certificate validation process, Bouncy Castle inserts the certificate's Subject Name into an LDAP search filter without any escaping, which leads to an LDAP injection vulnerability.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-33201
CVE-2023-2796The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-2796
CVE-2023-3219The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3219
CVE-2023-3446Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3446
CVE-2023-34967A Type Confusion vulnerability was found in Samba's mdssvc RPC service for Spotlight. When parsing Spotlight mdssvc RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the mdssvc protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a caller may trigger a crash in talloc_get_size() when talloc detects that the passed-in pointer is not a valid talloc pointer. With an RPC worker process shared among multiple client connections, a malicious client or attacker can trigger a process crash in a shared RPC mdssvc worker process, affecting all other clients this worker serves.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34967
CVE-2023-34968A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34968
CVE-2023-33951A race condition vulnerability was found in the vmwgfx driver in the Linux kernel. The flaw exists within the handling of GEM objects. The issue results from improper locking when performing operations on an object. This flaw allows a local privileged user to disclose information in the context of the kernel.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-33951
CVE-2023-3750A flaw was found in libvirt. The virStoragePoolObjListSearch function does not return a locked pool as expected, resulting in a race condition and denial of service when attempting to lock the same object from another thread. This issue could allow clients connecting to the read-only socket to crash the libvirt daemon.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3750
CVE-2023-3897Username enumeration is possible through Bypassing CAPTCHA in On-premise SureMDM Solution on Windows deployment allows attacker to enumerate local user information via error message. This issue affects SureMDM On-premise: 6.31 and below version.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3897
CVE-2023-35944Envoy is an open source edge and service proxy designed for cloud-native applications. Envoy allows mixed-case schemes in HTTP/2, however, some internal scheme checks are case-sensitive. Prior to versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, this can lead to the rejection of requests with mixed-case schemes such as `htTp` or `htTps`, or the bypassing of some requests such as `https` in unencrypted connections. With a fix in versions 1.27.0, 1.26.4, 1.25.9, 1.24.10, and 1.23.12, Envoy will now lowercase scheme values by default, and change the internal scheme checks that were case-sensitive to be case-insensitive. There are no known workarounds for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-35944
CVE-2023-37902Vyper is a Pythonic programming language that targets the Ethereum Virtual Machine (EVM). Prior to version 0.3.10, the ecrecover precompile does not fill the output buffer if the signature does not verify. However, the ecrecover builtin will still return whatever is at memory location 0. This means that if the compiler has been convinced to write to the 0 memory location with specially crafted data (generally, this can happen with a hashmap access or immutable read) just before the ecrecover, a signature check might pass on an invalid signature. Version 0.3.10 contains a patch for this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37902
CVE-2023-38499TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters `id` and `L` allowed out-of-scope access to rendered content in the website frontend. For instance, this allowed visitors to access content of an internal site by adding handcrafted query parameters to the URL of a site that was publicly available. TYPO3 versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, 12.4.4 fix the problem.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38499
CVE-2023-3947The Video Conferencing with Zoom plugin for WordPress is vulnerable to Sensitive Information Exposure due to hardcoded encryption key on the 'vczapi_encrypt_decrypt' function in versions up to, and including, 4.2.1. This makes it possible for unauthenticated attackers to decrypt and view the meeting id and password.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3947
CVE-2023-30949A missing origin validation in Slate sandbox could be exploited by a malicious user to modify the page's content, which could lead to phishing attacks.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-30949
CVE-2023-37217Tadiran Telecom Aeonix - CWE-204: Observable Response Discrepancy5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37217
CVE-2020-4868IBM TRIRIGA 3.0, 4.0, and 4.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190744.5.3https://nvd.nist.gov/vuln/detail/CVE-2020-4868
CVE-2023-3817Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3817
CVE-2022-42182Precisely Spectrum Spatial Analyst 20.01 is vulnerable to Directory Traversal.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-42182
CVE-2023-3462HashiCorp's Vault and Vault Enterprise are vulnerable to user enumeration when using the LDAP auth method. An attacker may submit requests of existent and non-existent LDAP users and observe the response from Vault to check if the account is valid on the LDAP server. This vulnerability is fixed in Vault 1.14.1 and 1.13.5.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3462
CVE-2023-38357Session tokens in RWS WorldServer 11.7.3 and earlier have a low entropy and can be enumerated, leading to unauthorized access to user sessions.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38357
CVE-2023-4045Offscreen Canvas did not properly track cross-origin tainting, which could have been used to access image data from another site in violation of same-origin policy. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-4045
CVE-2023-4046In some circumstances, a stale value could have been used for a global variable in WASM JIT analysis. This resulted in incorrect compilation and a potentially exploitable crash in the content process. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-4046
CVE-2023-31927An information disclosure in the web interface of Brocade Fabric OS versions before Brocade Fabric OS v9.2.0 and v9.1.1c, could allow a remote unauthenticated attacker to get technical details about the web interface.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-31927
CVE-2023-38330OXID eShop Enterprise Edition 6.5.0 – 6.5.2 before 6.5.3 allows uploading files with modified headers in the administration area. An attacker can upload a file with a modified header to create a HTTP Response Splitting attack.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38330
CVE-2023-38958An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38958
CVE-2023-25524NVIDIA Omniverse Workstation Launcher for Windows and Linux contains a vulnerability in the authentication flow, where a user’s access token is displayed in the browser user's address bar. An attacker could use this token to impersonate the user to access launcher resources. A successful exploit of this vulnerability may lead to information disclosure.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-25524
CVE-2023-36141User enumeration is found in PHPJabbers Cleaning Business Software 1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36141
CVE-2023-32001libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU race condition problem. By exploiting this flaw, an attacker could trick the victim to create or overwrite protected files holding this data in ways it was not intended to.5https://nvd.nist.gov/vuln/detail/CVE-2023-32001
CVE-2022-3018An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-3018
CVE-2022-3740An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. A group owner may be able to bypass External Authorization check, if it is enabled, to access git repositories and package registries by using Deploy tokens or Deploy keys.4.9https://nvd.nist.gov/vuln/detail/CVE-2022-3740
CVE-2023-32468Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive data.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-32468
CVE-2023-3981Server-Side Request Forgery (SSRF) in GitHub repository omeka/omeka-s prior to 4.0.2.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-3981
CVE-2023-3774An unhandled error in Vault Enterprise's namespace creation may cause the Vault process to crash, potentially resulting in denial of service. Fixed in 1.14.1, 1.13.5, and 1.12.9.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-3774
CVE-2023-3569In PHOENIX CONTACTs TC ROUTER and TC CLOUD CLIENT in versions prior to 2.07.2 as well as CLOUD CLIENT 1101T-TX/TX prior to 2.06.10 an authenticated remote attacker with admin privileges could upload a crafted XML file which causes a denial-of-service.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-3569
CVE-2023-2223The Login rebuilder WordPress plugin before 2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2223
CVE-2023-2224The SEO by 10Web WordPress plugin before 1.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).4.8https://nvd.nist.gov/vuln/detail/CVE-2023-2224
CVE-2023-3568Open Redirect in GitHub repository alextselegidis/easyappointments prior to 1.5.0.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3568
CVE-2023-25835There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 that may allow a remote, authenticated attacker to create a crafted link that is stored in the site configuration which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25835
CVE-2023-25837There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, authenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim's browser. The privileges required to execute this attack are high. No security boundary can be crossed; scope is unchanged. If an admin account fell victim to this attack, Confidentiality, Integrity and Availability are all High.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-25837
CVE-2023-37623 | Netdisco before v2.063000 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /Web/TypeAhead.pm. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37623
CVE-2023-37980 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gravity Master Custom Field For WP Job Manager plugin <= 1.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37980
CVE-2023-37993 | Auth. Stored Cross-Site Scripting (XSS) vulnerability in maennchen1.De wpShopGermany IT-RECHT KANZLEI plugin <= 1.7 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37993
CVE-2023-3980 | Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3980
CVE-2023-3982 | Cross-site Scripting (XSS) - Stored in GitHub repository omeka/omeka-s prior to 4.0.2. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3982
CVE-2023-3986 | A vulnerability was found in SourceCodester Simple Online Mens Salon Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/?page=user/list. The manipulation of the argument First Name/Last Name/Username leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235607. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3986
CVE-2023-31934 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the adminname parameter of admin-profile.php. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31934
CVE-2023-31935 | Cross Site Scripting vulnerability found in Rail Pass Management System v.1.0 allows a remote attacker to obtain sensitive information via the emial parameter of admin-profile.php. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31935
CVE-2023-3130 | The Short URL WordPress plugin before 1.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3130
CVE-2021-31651 | Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows a remote attacker to run arbitrary code via the copyright field in copyright settings. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31651
CVE-2023-2850 | NodeBB is affected by a Cross-Site WebSocket Hijacking vulnerability due to missing validation of the request origin. Exploitation of this vulnerability allows certain user information to be extracted by an attacker. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2850
CVE-2023-20583 | A potential power side-channel vulnerability in AMD processors may allow an authenticated attacker to monitor the CPU power consumption as the data in a cache line changes over time potentially resulting in a leak of sensitive information. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20583
CVE-2021-26418 | Microsoft SharePoint Server Spoofing Vulnerability | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-26418
CVE-2023-4010 | A flaw was found in the USB Host Controller Driver framework in the Linux kernel. The usb_giveback_urb function has a logic loophole in its implementation. Due to the inappropriate judgment condition of the goto statement, the function cannot return under the input of a specific malformed descriptor file, so it falls into an endless loop, resulting in a denial of service. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4010
CVE-2023-35394 | Azure HDInsight Jupyter Notebook Spoofing Vulnerability | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-35394
CVE-2023-35393 | Azure Apache Hive Spoofing Vulnerability | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35393
CVE-2023-36877 | Azure Apache Oozie Spoofing Vulnerability | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36877
CVE-2023-36881 | Azure Apache Ambari Spoofing Vulnerability | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36881
CVE-2023-38188 | Azure Apache Hadoop Spoofing Vulnerability | 4.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38188
CVE-2023-2860 | An out-of-bounds read vulnerability was found in the SR-IPv6 implementation in the Linux kernel. The flaw exists within the processing of seg6 attributes. The issue results from the improper validation of user-supplied data, which can result in a read past the end of an allocated buffer. This flaw allows a privileged local user to disclose sensitive information on affected installations of the Linux kernel. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2860
CVE-2023-3772 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of service. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3772
CVE-2023-3773 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to cause a 4 byte out-of-bounds read of XFRMA_MTIMER_THRESH when parsing netlink attributes, leading to potential leakage of sensitive heap data to userspace. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3773
CVE-2023-36494 | Audit logs on F5OS-A may contain undisclosed sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36494
CVE-2021-31205 | Windows SMB Client Security Feature Bypass Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-31205
CVE-2021-2369 | Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Library). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-2369
CVE-2021-41122 | Vyper is a Pythonic Smart Contract Language for the EVM. In affected versions external functions did not properly validate the bounds of decimal arguments. This can lead to logic errors. This issue has been resolved in version 0.3.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-41122
CVE-2021-35237 | A missing HTTP header (X-Frame-Options) in Kiwi Syslog Server has left customers vulnerable to click jacking. Clickjacking is an attack that occurs when an attacker uses a transparent iframe in a window to trick a user into clicking on an actionable item, such as a button or link, to another server in which they have an identical webpage. The attacker essentially hijacks the user activity intended for the original server and sends them to the other server. This is an attack on both the user and the server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-35237
CVE-2021-35248 | It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings entity and enumerate users and their basic settings. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-35248
CVE-2022-0174 | Improper Validation of Specified Quantity in Input vulnerability in dolibarr dolibarr/dolibarr. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0174
CVE-2022-0338 | Insertion of Sensitive Information into Log File in Conda loguru prior to 0.5.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0338
CVE-2022-23258 | Microsoft Edge for Android Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-23258
CVE-2022-0569 | Observable Discrepancy in Packagist snipe/snipe-it prior to v5.3.9. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0569
CVE-2022-0164 | The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated users, with a role as low as subscriber to send arbitrary emails to all subscribed users | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0164
CVE-2022-0762 | Incorrect Authorization in GitHub repository microweber/microweber prior to 1.3. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0762
CVE-2022-0345 | The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfw_search_users AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one etc.). | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0345
CVE-2022-0377 | Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar after the registration. After this process the user crops and saves the image. Then a "POST" request that contains user supplied name of the image is sent to the server for renaming and cropping of the image. As a result of this request, the name of the user-supplied image is changed with a MD5 value. This process can be conducted only when type of the image is JPG or PNG. An attacker can use this vulnerability in order to rename an arbitrary image file. By doing this, they could destroy the design of the web site. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0377
CVE-2022-0384 | The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in its vczapi_get_wp_users AJAX action, allowing any authenticated users, such as subscriber to download the list of email addresses registered on the blog | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0384
CVE-2022-0287 | The myCred WordPress plugin before 2.4.4.1 does not have any authorisation in place in its mycred-tools-select-user AJAX action, allowing any authenticated user, such as subscriber to call and retrieve all email addresses from the blog | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0287
CVE-2022-0363 | The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0363
CVE-2022-0444 | The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-0444
CVE-2022-3325 | Improper access control in the GitLab CE/EE API affecting all versions starting from 12.8 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. Allowed for editing the approval rules via the API by an unauthorised user. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3325
CVE-2022-3330 | It was possible for a guest user to read a todo targeting an inaccessible note in Gitlab CE/EE affecting all versions from 15.0 prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3330
CVE-2022-3351 | An issue has been discovered in GitLab EE affecting all versions starting from 13.7 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. A user's primary email may be disclosed to an attacker through group member events webhooks. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3351
CVE-2022-3413 | Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3413
CVE-2022-3819 | An improper authorization issue in GitLab CE/EE affecting all versions from 15.0 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows malicious users to set emojis on internal notes they don't have access to. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3819
CVE-2023-3700 | Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3700
CVE-2023-32625 | Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32625
CVE-2023-1401 | An issue has been discovered in GitLab DAST scanner affecting all versions starting from 3.0.29 before 4.0.5, in which the DAST scanner leaks cross site cookies on redirect during authorization. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1401
CVE-2023-3622 | Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3622
CVE-2023-3957 | The ACF Photo Gallery Field plugin for WordPress is vulnerable to unauthorized modification of data due to an insufficient restriction on the 'apg_profile_update' function in versions up to, and including, 1.9. This makes it possible for authenticated attackers, with subscriber-level permissions or above, to update the user metas arbitrarily. The meta value can only be a string. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3957
CVE-2023-3977 | Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handle_installation function that is called via the inisev_installation AJAX action in various versions. This makes it possible for unauthenticated attackers to install plugins from the limited list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3977
CVE-2023-37906 | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, a malicious user can edit a post in a topic and cause a DoS with a carefully crafted edit reason. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. There are no known workarounds for this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-37906
CVE-2023-38685 | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, information about restricted-visibility topic tags could be obtained by unauthorized users. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38685
CVE-2023-38988 | An issue in the delete function in the OaNotifyController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete notifications created by Administrators. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38988
CVE-2021-4316 | Inappropriate implementation in Cast UI in Google Chrome prior to 96.0.4664.45 allowed a remote attacker to spoof browser UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4316
CVE-2021-4321 | Policy bypass in Blink in Google Chrome prior to 91.0.4472.77 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-4321
CVE-2022-4908 | Inappropriate implementation in iFrame Sandbox in Google Chrome prior to 107.0.5304.62 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4908
CVE-2022-4917 | Incorrect security UI in Notifications in Google Chrome on Android prior to 103.0.5060.53 allowed a remote attacker to obscure the full screen notification via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4917
CVE-2023-38989 | An issue in the delete function in the UserController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete the Administrator's role information. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38989
CVE-2023-3733 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3733
CVE-2023-3734 | Inappropriate implementation in Picture In Picture in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3734
CVE-2023-3735 | Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3735
CVE-2023-3736 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 115.0.5790.98 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3736
CVE-2023-3737 | Inappropriate implementation in Notifications in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to spoof the contents of media notifications via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3737
CVE-2023-3738 | Inappropriate implementation in Autofill in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3738
CVE-2023-3740 | Insufficient validation of untrusted input in Themes in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to potentially serve malicious content to a user via a crafted background URL. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3740
CVE-2023-1210 | An issue has been discovered in GitLab affecting all versions starting from 12.9 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible to leak a user's email via an error message for groups that restrict membership by email domain. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-1210
CVE-2023-38990 | An issue in the delete function in the MenuController class of jeesite v1.2.6 allows authenticated attackers to arbitrarily delete menus created by the Administrator. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38990
CVE-2022-2346 | In affected versions of Octopus Deploy it is possible for a low privileged guest user to interact with extension endpoints. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2346
CVE-2022-2416 | In affected versions of Octopus Deploy it is possible for a low privileged guest user to craft a request that allows enumeration/recon of an environment. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-2416
CVE-2023-2022 | An issue has been discovered in GitLab CE/EE affecting all versions starting before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2, which leads to developers being able to create pipeline schedules on protected branches even if they don't have access to merge | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2022
CVE-2023-3426 | The organization selector in Liferay Portal 7.4.3.81 through 7.4.3.85, and Liferay DXP 7.4 update 81 through 85 does not check user permission, which allows remote authenticated users to obtain a list of all organizations. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3426
CVE-2023-26430 | Attackers with access to user accounts can inject arbitrary control characters to SIEVE mail-filter rules. This could be abused to access SIEVE extensions that are not allowed by App Suite or to inject rules which would break per-user filter processing, requiring manual cleanup of such rules. We have added sanitization to all mail-filter APIs to avoid forwarding control characters to subsystems. No publicly available exploits are known. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26430
CVE-2023-38419 | An authenticated attacker with guest privileges or higher can cause the iControl SOAP process to terminate by sending undisclosed requests. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38419
CVE-2023-30952 | A security defect was discovered in Foundry Issues that enabled users to create convincing phishing links by editing the request sent when creating an Issue. This defect was resolved in Frontend release 6.228.0. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30952
CVE-2023-39343 | Sulu is an open-source PHP content management system based on the Symfony framework. The Admin Login form makes it possible to detect which users (username, email) exist and which do not. Sulu installations not using the old Symfony 5.4 security system and previous versions are not impacted by this security issue. The vulnerability has been patched in version 2.5.10. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-39343
CVE-2021-31171 | Microsoft SharePoint Information Disclosure Vulnerability | 4.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-31171
CVE-2023-28322 | An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28322
CVE-2023-23934 | Werkzeug is a comprehensive WSGI web application library. Browsers may allow "nameless" cookies that look like `=value` instead of `key=value`. A vulnerable browser may allow a compromised application on an adjacent subdomain to exploit this to set a cookie like `=__Host-test=bad` for another subdomain. Werkzeug prior to 2.2.3 will parse the cookie `=__Host-test=bad` as `__Host-test=bad`. If a Werkzeug application is running next to a vulnerable or malicious subdomain which sets such a cookie using a vulnerable browser, the Werkzeug application will see the bad cookie value but the valid cookie key. The issue is fixed in Werkzeug 2.2.3. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23934
CVE-2023-33229 | The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33229
CVE-2020-8908 | A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-8908
CVE-2023-38496 | Apptainer is an open source container platform. Version 1.2.0-rc.2 introduced an ineffective privilege drop when requesting container network setup, therefore subsequent functions are called with root privileges, the attack surface is rather limited for users but an attacker could possibly craft a starter config to delete any directory on the host filesystems. A security fix has been included in Apptainer 1.2.1. There is no known workaround outside of upgrading to Apptainer 1.2.1. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38496
CVE-2023-3669 | A missing Brute-Force protection in CODESYS Development System prior to 3.5.19.20 allows a local attacker to have unlimited attempts of guessing the password within an import dialog. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3669
CVE-2023-26442 | In case Cacheservice was configured to use a sproxyd object-storage backend, it would follow HTTP redirects issued by that backend. An attacker with access to a local or restricted network with the capability to intercept and replay HTTP requests to sproxyd (or who is in control of the sproxyd service) could perform a server-side request-forgery attack and make Cacheservice connect to unexpected resources. We have disabled the ability to follow HTTP redirects when connecting to sproxyd resources. No publicly available exploits are known. | 3.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-26442
CVE-2023-37904 | Discourse is an open source discussion platform. Prior to version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches, more users than permitted could be created from invite links. The issue is patched in version 3.0.6 of the `stable` branch and version 3.1.0.beta7 of the `beta` and `tests-passed` branches. As a workaround, use restrict to email address invites. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37904
CVE-2022-4923 | Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low) | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4923
CVE-2023-26438 | External service lookups for a number of protocols were vulnerable to a time-of-check/time-of-use (TOCTOU) weakness, involving the JDK DNS cache. Attackers that were timing DNS cache expiry correctly were able to inject configuration that would bypass existing network deny-lists. Attackers could exploit this weakness to discover the existence of restricted network infrastructure and service availability. Improvements were made to include deny-lists not only during the check of the provided connection data, but also during use. No publicly available exploits are known. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26438
CVE-2023-26979 | Bluetens Electrostimulation Device BluetensQ device app version 4.3.15 is vulnerable to Man-in-the-middle attacks in the BLE channel. It allows attackers to decrease or increase the intensity of the stimulator by hijacking the BLE communication. | 3.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26979
CVE-2023-37900 | Crossplane is a framework for building cloud native control planes without needing to write code. In versions prior to 1.11.5, 1.12.3, and 1.13.0, a high-privileged user could create a Package referencing an arbitrarily large image containing that Crossplane would then parse, possibly resulting in exhausting all the available memory and therefore in the container being OOMKilled. The impact is limited due to the high privileges required to be able to create the Package and the eventually consistent nature of the controller. This issue is fixed in versions 1.11.5, 1.12.3, and 1.13.0. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-37900
CVE-2001-0084 | GTK+ library allows local users to specify arbitrary modules via the GTK_MODULES environmental variable, which could allow local users to gain privileges if GTK+ is used by a setuid/setgid program. | | https://nvd.nist.gov/vuln/detail/CVE-2001-0084
CVE-2002-1119 | os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack. | | https://nvd.nist.gov/vuln/detail/CVE-2002-1119
CVE-2004-0150 | Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. | | https://nvd.nist.gov/vuln/detail/CVE-2004-0150
CVE-2005-0372 | Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. | | https://nvd.nist.gov/vuln/detail/CVE-2005-0372
CVE-2005-0089 | The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes. | | https://nvd.nist.gov/vuln/detail/CVE-2005-0089
CVE-2005-2976 | Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-2005-3186. | | https://nvd.nist.gov/vuln/detail/CVE-2005-2976
CVE-2006-1542 | Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory that has a long name, related to the realpath function. NOTE: this might not be a vulnerability. However, the fact that it appears in a programming language interpreter could mean that some applications are affected, although attack scenarios might be limited because the attacker might already need to cross privilege boundaries to cause an exploitable program to be placed in a directory with a long name; or, depending on the method that Python uses to determine the current working directory, setuid applications might be affected. | | https://nvd.nist.gov/vuln/detail/CVE-2006-1542
CVE-2006-4980 | Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts. | | https://nvd.nist.gov/vuln/detail/CVE-2006-4980
CVE-2007-2052 | Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination. | | https://nvd.nist.gov/vuln/detail/CVE-2007-2052
CVE-2007-4165 | Cross-site scripting (XSS) vulnerability in index.php in the Blue Memories theme 1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter, possibly a related issue to CVE-2007-2757 and CVE-2007-4014. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | https://nvd.nist.gov/vuln/detail/CVE-2007-4165
CVE-2007-4559 | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. | | https://nvd.nist.gov/vuln/detail/CVE-2007-4559
CVE-2007-4965 | Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) the tovideo method, and unspecified other vectors related to (2) imageop.c, (3) rbgimgmodule.c, and other files, which trigger heap-based buffer overflows. | | https://nvd.nist.gov/vuln/detail/CVE-2007-4965
CVE-2008-0198 | Multiple cross-site request forgery (CSRF) vulnerabilities in wp-contact-form/options-contactform.php in the WP-ContactForm 1.5 alpha and earlier plugin for WordPress allow remote attackers to perform actions as administrators via the (1) wpcf_question, (2) wpcf_success_msg, or (3) wpcf_error_msg parameter to wp-admin/admin.php. | | https://nvd.nist.gov/vuln/detail/CVE-2008-0198
CVE-2007-6677 | Cross-site scripting (XSS) vulnerability in Peter's Random Anti-Spam Image 0.2.4 and earlier plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the comment field in the comment form. | | https://nvd.nist.gov/vuln/detail/CVE-2007-6677
CVE-2008-0491 | SQL injection vulnerability in fim_rss.php in the fGallery 2.4.1 plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the album parameter. | | https://nvd.nist.gov/vuln/detail/CVE-2008-0491
CVE-2008-0618 | Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) gbname, (2) gbemail, (3) gburl, and (4) gbmsg parameters to unspecified programs. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | | https://nvd.nist.gov/vuln/detail/CVE-2008-0618
CVE-2008-0617 | Multiple cross-site scripting (XSS) vulnerabilities in the DMSGuestbook 1.7.0 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter to wp-admin/admin.php, or the (2) messagefield parameter in the guestbook page, and the (3) title parameter in the messagearea. | | https://nvd.nist.gov/vuln/detail/CVE-2008-0617
CVE-2008-0616 | SQL injection vulnerability in the administration panel in the DMSGuestbook 1.7.0 plugin for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. NOTE: it is not clear whether this issue crosses privilege boundaries. | | https://nvd.nist.gov/vuln/detail/CVE-2008-0616
CVE-2008-0615Directory traversal vulnerability in wp-admin/admin.php in the DMSGuestbook 1.8.0 and 1.7.0 plugin for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) folder and (2) file parameters.https://nvd.nist.gov/vuln/detail/CVE-2008-0615
CVE-2008-1679Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.https://nvd.nist.gov/vuln/detail/CVE-2008-1679
CVE-2008-3144Multiple integer overflows in the PyOS_vsnprintf function in Python/mysnprintf.c in Python 2.5.2 and earlier allow context-dependent attackers to cause a denial of service (memory corruption) or have unspecified other impact via crafted input to string formatting operations. NOTE: the handling of certain integer values is also affected by related integer underflows and an off-by-one error.https://nvd.nist.gov/vuln/detail/CVE-2008-3144
CVE-2008-3143Multiple integer overflows in Python before 2.5.2 might allow context-dependent attackers to have an unknown impact via vectors related to (1) Include/pymem.h; (2) _csv.c, (3) _struct.c, (4) arraymodule.c, (5) audioop.c, (6) binascii.c, (7) cPickle.c, (8) cStringIO.c, (9) cjkcodecs/multibytecodec.c, (10) datetimemodule.c, (11) md5.c, (12) rgbimgmodule.c, and (13) stropmodule.c in Modules/; (14) bufferobject.c, (15) listobject.c, and (16) obmalloc.c in Objects/; (17) Parser/node.c; and (18) asdl.c, (19) ast.c, (20) bltinmodule.c, and (21) compile.c in Python/, as addressed by "checks for integer overflows, contributed by Google."https://nvd.nist.gov/vuln/detail/CVE-2008-3143
CVE-2008-2316Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."https://nvd.nist.gov/vuln/detail/CVE-2008-2316
CVE-2008-2315Multiple integer overflows in Python 2.5.2 and earlier allow context-dependent attackers to have an unknown impact via vectors related to the (1) stringobject, (2) unicodeobject, (3) bufferobject, (4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and (8) mmapmodule modules. NOTE: The expandtabs integer overflows in stringobject and unicodeobject in 2.5.2 are covered by CVE-2008-5031.https://nvd.nist.gov/vuln/detail/CVE-2008-2315
CVE-2010-0732gdk/gdkwindow.c in GTK+ before 2.18.5, as used in gnome-screensaver before 2.28.1, performs implicit paints on windows of type GDK_WINDOW_FOREIGN, which triggers an X error in certain circumstances and consequently allows physically proximate attackers to bypass screen locking and access an unattended workstation by pressing the Enter key many times.https://nvd.nist.gov/vuln/detail/CVE-2010-0732
CVE-2010-1685Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.https://nvd.nist.gov/vuln/detail/CVE-2010-1685
CVE-2010-4831Untrusted search path vulnerability in gdk/win32/gdkinput-win32.c in GTK+ before 2.21.8 allows local users to gain privileges via a Trojan horse Wintab32.dll file in the current working directory.https://nvd.nist.gov/vuln/detail/CVE-2010-4831
CVE-2010-4833Untrusted search path vulnerability in modules/engines/ms-windows/xp_theme.c in GTK+ before 2.24.0 allows local users to gain privileges via a Trojan horse uxtheme.dll file in the current working directory, a different vulnerability than CVE-2010-4831.https://nvd.nist.gov/vuln/detail/CVE-2010-4833
CVE-2012-4242Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.https://nvd.nist.gov/vuln/detail/CVE-2012-4242
CVE-2014-4872BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.https://nvd.nist.gov/vuln/detail/CVE-2014-4872
CVE-2014-4873SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.https://nvd.nist.gov/vuln/detail/CVE-2014-4873
CVE-2014-4874BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.https://nvd.nist.gov/vuln/detail/CVE-2014-4874
CVE-2014-8270BMC Track-It! 11.3 allows remote attackers to gain privileges and execute arbitrary code by creating an account whose name matches that of a local system account, then performing a password reset.https://nvd.nist.gov/vuln/detail/CVE-2014-8270
CVE-2014-1949GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.https://nvd.nist.gov/vuln/detail/CVE-2014-1949
CVE-2023-30986A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 3), Solid Edge SE2023 (All versions < V223.0 Update 2). Affected applications contain a memory corruption vulnerability while parsing specially crafted STP files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-19561)https://nvd.nist.gov/vuln/detail/CVE-2023-30986
CVE-2023-33383Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a device reload.https://nvd.nist.gov/vuln/detail/CVE-2023-33383
CVE-2023-29409Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable.https://nvd.nist.gov/vuln/detail/CVE-2023-29409
CVE-2023-38744Denial-of-service (DoS) vulnerability due to improper validation of specified type of input issue exists in the built-in EtherNet/IP port of the CJ Series CJ2 CPU unit and the communication function of the CS/CJ Series EtherNet/IP unit. If an affected product receives a packet which is specially crafted by a remote unauthenticated attacker, the unit of the affected product may fall into a denial-of-service (DoS) condition. Affected products/versions are as follows: CJ2M CPU Unit CJ2M-CPU3[] Unit version of the built-in EtherNet/IP section Ver. 2.18 and earlier, CJ2H CPU Unit CJ2H-CPU6[]-EIP Unit version of the built-in EtherNet/IP section Ver. 3.04 and earlier, CS/CJ Series EtherNet/IP Unit CS1W-EIP21 V3.04 and earlier, and CS/CJ Series EtherNet/IP Unit CJ1W-EIP21 V3.04 and earlier.https://nvd.nist.gov/vuln/detail/CVE-2023-38744
CVE-2023-3346Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in MITSUBISHI CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition and execute arbitrary code on the product by sending specially crafted packets. In addition, system reset is required for recovery.https://nvd.nist.gov/vuln/detail/CVE-2023-3346
CVE-2023-28468An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS.https://nvd.nist.gov/vuln/detail/CVE-2023-28468
CVE-2023-2754The Cloudflare WARP client for Windows assigns loopback IPv4 addresses for the DNS Servers, since WARP acts as local DNS server that performs DNS queries in a secure manner. However, if a user is connected to WARP over an IPv6-capable network, the WARP client did not assign loopback IPv6 addresses but Unique Local Addresses, which under certain conditions could point towards unknown devices in the same local network, which enables an attacker to view DNS queries made by the device.https://nvd.nist.gov/vuln/detail/CVE-2023-2754
CVE-2023-3766A vulnerability was discovered in the odoh-rs rust crate that stems from faulty logic during the parsing of encrypted queries. This issue specifically occurs when processing encrypted query data received from remote clients and enables an attacker with knowledge of this vulnerability to craft and send specially designed encrypted queries to targeted ODOH servers running with odoh-rs. Upon successful exploitation, the server will crash abruptly, disrupting its normal operation and rendering the service temporarily unavailable.https://nvd.nist.gov/vuln/detail/CVE-2023-3766
CVE-2023-33365A path traversal vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows unauthenticated attackers to fetch arbitrary files from the server's web server.https://nvd.nist.gov/vuln/detail/CVE-2023-33365
CVE-2023-33366A SQL injection vulnerability exists in Suprema BioStar 2 before 2.9.1, which allows authenticated users to inject arbitrary SQL directives into an SQL statement and execute arbitrary SQL commands.https://nvd.nist.gov/vuln/detail/CVE-2023-33366
CVE-2023-38947An arbitrary file upload vulnerability in the /languages/install.php component of WBCE CMS v1.6.1 allows attackers to execute arbitrary code via a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2023-38947
CVE-2023-39075Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.https://nvd.nist.gov/vuln/detail/CVE-2023-39075
CVE-2023-38942Dango-Translator v4.5.5 was discovered to contain a remote command execution (RCE) vulnerability via the component app/config/cloud_config.json.https://nvd.nist.gov/vuln/detail/CVE-2023-38942
CVE-2023-3749A local user could edit the VideoEdge configuration file and interfere with VideoEdge operation.https://nvd.nist.gov/vuln/detail/CVE-2023-3749
CVE-2023-20181A vulnerability in the web-based management interface of Cisco Small Business SPA500 Series IP Phones could allow an unauthenticated, remote attacker to conduct XSS attacks. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.https://nvd.nist.gov/vuln/detail/CVE-2023-20181
CVE-2023-20214A vulnerability in the request authentication validation for the REST API of Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to gain read permissions or limited write permissions to the configuration of an affected Cisco SD-WAN vManage instance. This vulnerability is due to insufficient request validation when using the REST API feature. An attacker could exploit this vulnerability by sending a crafted API request to an affected vManage instance. A successful exploit could allow the attacker to retrieve information from and send information to the configuration of the affected Cisco vManage instance. This vulnerability only affects the REST API and does not affect the web-based management interface or the CLI.https://nvd.nist.gov/vuln/detail/CVE-2023-20214
CVE-2023-20215A vulnerability in the scanning engines of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass a configured rule, allowing traffic onto a network that should have been blocked. This vulnerability is due to improper detection of malicious traffic when the traffic is encoded with a specific content format. An attacker could exploit this vulnerability by using an affected device to connect to a malicious server and receiving crafted HTTP responses. A successful exploit could allow the attacker to bypass an explicit block rule and receive traffic that should have been rejected by the device.https://nvd.nist.gov/vuln/detail/CVE-2023-20215
CVE-2023-20216A vulnerability in the privilege management functionality of all Cisco BroadWorks server types could allow an authenticated, local attacker to elevate privileges to root on an affected system. This vulnerability is due to incorrect implementation of user role permissions. An attacker could exploit this vulnerability by authenticating to the application as a user with the BWORKS or BWSUPERADMIN role and issuing crafted commands on an affected system. A successful exploit could allow the attacker to execute commands beyond the sphere of their intended access level, including initiating installs or running operating system commands with elevated permissions. There are workarounds that address this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-20216
CVE-2023-20218A vulnerability in web-based management interface of Cisco SPA500 Series Analog Telephone Adapters (ATAs) could allow an authenticated, remote attacker to modify a web page in the context of a user's browser. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to alter the contents of a web page to redirect the user to potentially malicious websites, or the attacker could use this vulnerability to conduct further client-side attacks. Cisco will not release software updates that address this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-20218
CVE-2023-30950The Foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a REST endpoint.https://nvd.nist.gov/vuln/detail/CVE-2023-30950
CVE-2023-30951The Foundry Magritte plugin rest-source was found to be vulnerable to an XML External Entity (XXE) attack.https://nvd.nist.gov/vuln/detail/CVE-2023-30951
CVE-2023-0525Weak Encoding for Password vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT27 model versions 01.49.000 and prior, GT25 model versions 01.49.000 and prior, GT23 model versions 01.49.000 and prior, GT21 model versions 01.49.000 and prior, GOT SIMPLE Series GS25 model versions 01.49.000 and prior, GS21 model versions 01.49.000 and prior, GT Designer3 Version1 (GOT2000) versions 1.295H and prior and GT SoftGOT2000 versions 1.295H and prior allows a remote unauthenticated attacker to obtain plaintext passwords by sniffing packets containing encrypted passwords and decrypting the encrypted passwords, in the case of transferring data with GT Designer3 Version1(GOT2000) and GOT2000 Series or GOT SIMPLE Series with the Data Transfer Security function enabled, or in the case of transferring data by the SoftGOT-GOT link function with GT SoftGOT2000 and GOT2000 series with the Data Transfer Security function enabled.https://nvd.nist.gov/vuln/detail/CVE-2023-0525
CVE-2023-30297An issue found in N-able Technologies N-central Server before 2023.4 allows a local attacker to execute arbitrary code via the monitoring function of the server.https://nvd.nist.gov/vuln/detail/CVE-2023-30297
CVE-2023-38941django-sspanel v2022.2.2 was discovered to contain a remote command execution (RCE) vulnerability via the component sspanel/admin_view.py -> GoodsCreateView._post.https://nvd.nist.gov/vuln/detail/CVE-2023-38941
CVE-2023-3373Predictable Exact Value from Previous Values vulnerability in Mitsubishi Electric Corporation GOT2000 Series GT21 model versions 01.49.000 and prior and GOT SIMPLE Series GS21 model versions 01.49.000 and prior allows a remote unauthenticated attacker to hijack data connections (session hijacking) or prevent legitimate users from establishing data connections (to cause DoS condition) by guessing the listening port of the data connection on FTP server and connecting to it.https://nvd.nist.gov/vuln/detail/CVE-2023-3373
CVE-2023-38708Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. A path traversal vulnerability exists in the `AssetController::importServerFilesAction`, which allows an attacker to overwrite or modify sensitive files by manipulating the pimcore_log parameter. This can lead to potential denial of service (key file overwrite). The impact of this vulnerability allows attackers to: overwrite or modify sensitive files, potentially leading to unauthorized access, privilege escalation, or disclosure of confidential information. This could also cause a denial of service (DoS) if critical system files are overwritten or deleted.https://nvd.nist.gov/vuln/detail/CVE-2023-38708
CVE-2023-39379Fujitsu Software Infrastructure Manager (ISM) stores sensitive information at the product's maintenance data (ismsnap) in cleartext form. As a result, the password for the proxy server that is configured in ISM may be retrieved. Affected products and versions are as follows: Fujitsu Software Infrastructure Manager Advanced Edition V2.8.0.060, Fujitsu Software Infrastructure Manager Advanced Edition for PRIMEFLEX V2.8.0.060, and Fujitsu Software Infrastructure Manager Essential Edition V2.8.0.060.https://nvd.nist.gov/vuln/detail/CVE-2023-39379
CVE-2023-34037VMware Horizon Server contains a HTTP request smuggling vulnerability. A malicious actor with network access may be able to perform HTTP smuggle requests.https://nvd.nist.gov/vuln/detail/CVE-2023-34037
CVE-2023-34038VMware Horizon Server contains an information disclosure vulnerability. A malicious actor with network access may be able to access information relating to the internal network configuration.https://nvd.nist.gov/vuln/detail/CVE-2023-34038
CVE-2023-4135A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.https://nvd.nist.gov/vuln/detail/CVE-2023-4135
CVE-2023-29505An issue was discovered in Zoho ManageEngine Network Configuration Manager 12.6.165. The WebSocket endpoint allows Cross-site WebSocket hijacking.https://nvd.nist.gov/vuln/detail/CVE-2023-29505
CVE-2023-29689PyroCMS 3.9 contains a remote code execution (RCE) vulnerability that can be exploited through a server-side template injection (SSTI) flaw. This vulnerability allows a malicious attacker to send customized commands to the server and execute arbitrary code on the affected system.https://nvd.nist.gov/vuln/detail/CVE-2023-29689
CVE-2023-36480The Aerospike Java client is a Java application that implements a network protocol to communicate with an Aerospike server. Prior to versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 some of the messages received from the server contain Java objects that the client deserializes when it encounters them without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running on. Versions 7.0.0, 6.2.0, 5.2.0, and 4.5.0 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-36480
CVE-2023-37470Metabase is an open-source business intelligence and analytics platform. Prior to versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4, a vulnerability could potentially allow remote code execution on one's Metabase server. The core issue is that one of the supported data warehouses (an embedded in-memory database H2), exposes a number of ways for a connection string to include code that is then executed by the process running the embedded database. Because Metabase allows users to connect to databases, this means that a user supplied string can be used to inject executable code. Metabase allows users to validate their connection string before adding a database (including on setup), and this validation API was the primary vector used as it can be called without validation. Versions 0.43.7.3, 0.44.7.3, 0.45.4.3, 0.46.6.4, 1.43.7.3, 1.44.7.3, 1.45.4.3, and 1.46.6.4 fix this issue by removing the ability of users to add H2 databases entirely. As a workaround, it is possible to block these vulnerabilities at the network level by blocking the endpoints `POST /api/database`, `PUT /api/database/:id`, and `POST /api/setup/validateuntil`. Those who use H2 as a file-based database should migrate to SQLite.https://nvd.nist.gov/vuln/detail/CVE-2023-37470
CVE-2023-37896Nuclei is a vulnerability scanner. Prior to version 2.9.9, a security issue in the Nuclei project affected users utilizing Nuclei as Go code (SDK) running custom templates. This issue did not affect CLI users. The problem was related to sanitization issues with payload loading in sandbox mode. There was a potential risk with payloads loading in sandbox mode. The issue occurred due to relative paths not being converted to absolute paths before doing the check for `sandbox` flag allowing arbitrary files to be read on the filesystem in certain cases when using Nuclei from `Go` SDK implementation. This issue has been fixed in version 2.9.9. The maintainers have also enabled sandbox by default for filesystem loading. This can be optionally disabled if required. The `-sandbox` option has been deprecated and is now divided into two new options: `-lfa` (allow local file access) which is enabled by default and `-lna` (restrict local network access) which can be enabled by users optionally. The `-lfa` allows file (payload) access anywhere on the system (disabling sandbox effectively), and `-lna` blocks connections to the local/private network.https://nvd.nist.gov/vuln/detail/CVE-2023-37896
CVE-2023-38487HedgeDoc is software for creating real-time collaborative markdown notes. Prior to version 1.9.9, the API of HedgeDoc 1 can be used to create notes with an alias matching the ID of existing notes. The affected existing note can then not be accessed anymore and is effectively hidden by the new one. When the freeURL feature is enabled (by setting the `allowFreeURL` config option or the `CMD_ALLOW_FREEURL` environment variable to `true`), any user with the appropriate permissions can create a note by making a POST request to the `/new/<ALIAS>` API endpoint. The `<ALIAS>` parameter can be set to the ID of an existing note. HedgeDoc did not verify whether the provided `<ALIAS>` value corresponds to a valid ID of an existing note and always allowed creation of the new note. When a visitor tried to access the existing note, HedgeDoc will first search for a note with a matching alias before it searches using the ID, therefore only the new note can be accessed. Depending on the permission settings of the HedgeDoc instance, the issue can be exploited only by logged-in users or by all (including non-logged-in) users. The exploit requires knowledge of the ID of the target note. Attackers could use this issue to present a manipulated copy of the original note to the user, e.g. by replacing the links with malicious ones. Attackers can also use this issue to prevent access to the original note, causing a denial of service. No data is lost, as the original content of the affected notes is still present in the database. This issue was fixed in version 1.9.9. As a workaround, disabling freeURL mode prevents the exploitation of this issue. The impact can be limited by restricting freeURL note creation to trusted, logged-in users by enabling `requireFreeURLAuthentication`/`CMD_REQUIRE_FREEURL_AUTHENTICATION`.https://nvd.nist.gov/vuln/detail/CVE-2023-38487
CVE-2023-38497Cargo downloads the Rust project’s dependencies and compiles the project. Cargo prior to version 0.72.2, bundled with Rust prior to version 1.71.1, did not respect the umask when extracting crate archives on UNIX-like systems. If the user downloaded a crate containing files writeable by any local user, another local user could exploit this to change the source code compiled and executed by the current user. To prevent existing cached extractions from being exploitable, the Cargo binary version 0.72.2 included in Rust 1.71.1 or later will purge caches generated by older Cargo versions automatically. As a workaround, configure one's system to prevent other local users from accessing the Cargo directory, usually located in `~/.cargo`.https://nvd.nist.gov/vuln/detail/CVE-2023-38497
CVE-2023-38686Sydent is an identity server for the Matrix communications protocol. Prior to version 2.5.6, if configured to send emails using TLS, Sydent does not verify SMTP servers' certificates. This makes Sydent's emails vulnerable to interception via a man-in-the-middle (MITM) attack. Attackers with privileged access to the network can intercept room invitations and address confirmation emails. This is patched in Sydent 2.5.6. When patching, make sure that Sydent trusts the certificate of the server it is connecting to. This should happen automatically when using properly issued certificates. Those who use self-signed certificates should make sure to copy their Certification Authority certificate, or their self signed certificate if using only one, to the trust store of your operating system. As a workaround, one can ensure Sydent's emails fail to send by setting the configured SMTP server to a loopback or non-routable address under one's control which does not have a listening SMTP server.https://nvd.nist.gov/vuln/detail/CVE-2023-38686
CVE-2023-38688twitch-tui provides Twitch chat in a terminal. Prior to version 2.4.1, the connection is not using TLS for communication. In the configuration of the irc connection, the software disables TLS, which makes all communication to Twitch IRC servers unencrypted. As a result, communication, including auth tokens, can be sniffed. Version 2.4.1 has a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-38688
CVE-2023-38689Logistics Pipes is a modification (a.k.a. mod) for the computer game Minecraft Java Edition. The mod used Java's `ObjectInputStream#readObject` on untrusted data coming from clients or servers over the network resulting in possible remote code execution when sending specifically crafted network packets after connecting. The affected versions were released between 2013 and 2016 and the issue (back then unknown) was fixed in 2016 by a refactoring of the network IO code. The issue is present in all Logistics Pipes versions ranged from 0.7.0.91 prior to 0.10.0.71, which were downloaded from different platforms summing up to multi-million downloads. For Minecraft version 1.7.10 the issue was fixed in build 0.10.0.71. Everybody on Minecraft 1.7.10 should check their version number of Logistics Pipes in their modlist and update, if the version number is smaller than 0.10.0.71. Any newer supported Minecraft version (like 1.12.2) never had a Logistics Pipes version with vulnerable code. The best available workaround for vulnerable versions is to play in singleplayer only or update to newer Minecraft versions and modpacks.https://nvd.nist.gov/vuln/detail/CVE-2023-38689
CVE-2023-38690matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0.1 and above are patched. There are no robust workarounds to the bug. One may disable dynamic channels in the config to disable the most common execution method but others may exist.https://nvd.nist.gov/vuln/detail/CVE-2023-38690
CVE-2023-38691matrix-appservice-bridge provides an API for setting up bridges. Starting in version 4.0.0 and prior to versions 8.1.2 and 9.0.1, a malicious Matrix server can use a foreign user's MXID in an OpenID exchange, allowing a bad actor to impersonate users when using the provisioning API. The library does not check that the servername part of the `sub` parameter (containing the user's *claimed* MXID) is the the same as the servername we are talking to. A malicious actor could spin up a server on any given domain, respond with a `sub` parameter according to the user they want to act as and use the resulting token to perform provisioning requests. Versions 8.1.2 and 9.0.1 contain a patch. As a workaround, disable the provisioning API.https://nvd.nist.gov/vuln/detail/CVE-2023-38691
CVE-2023-0264A flaw was found in Keycloaks OpenID Connect user authentication, which may incorrectly authenticate requests. An authenticated attacker who could obtain information from a user request within the same realm could use that data to impersonate the victim and generate new session tokens. This issue could impact confidentiality, integrity, and availability.https://nvd.nist.gov/vuln/detail/CVE-2023-0264
CVE-2023-33379Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device, impersonating Connected IO management platform and sending commands to all of Connected IO's devices.https://nvd.nist.gov/vuln/detail/CVE-2023-33379
CVE-2023-38332 | Zoho ManageEngine ADManager Plus through 7201 allows authenticated users to take over another user's account via sensitive information disclosure. | https://nvd.nist.gov/vuln/detail/CVE-2023-38332
CVE-2023-38692 | CloudExplorer Lite is an open source, lightweight cloud management platform. Versions prior to 1.3.1 contain a command injection vulnerability in the installation function in module management. The vulnerability has been fixed in v1.3.1. There are no known workarounds aside from upgrading. | https://nvd.nist.gov/vuln/detail/CVE-2023-38692
CVE-2023-38695 | cypress-image-snapshot shows visual regressions in Cypress with jest-image-snapshot. Prior to version 8.0.2, it's possible for a user to pass a relative file path for the snapshot name and reach outside of the project directory into the machine running the test. This issue has been patched in version 8.0.2. | https://nvd.nist.gov/vuln/detail/CVE-2023-38695
CVE-2023-38697 | protocol-http1 provides a low-level implementation of the HTTP/1 protocol. RFC 9112 Section 7.1 defined the format of chunk size, chunk data and chunk extension. The value of the Content-Length header should be a string of 0-9 digits, the chunk size should be a string of hex digits and should be split from chunk data using CRLF, and the chunk extension shouldn't contain any invisible character. However, Falcon has the following behaviors that disobey the corresponding RFCs: accepting Content-Length header values that have a `+` prefix, accepting Content-Length header values that are written in hexadecimal with a `0x` prefix, accepting `0x` and `+` prefixed chunk size, and accepting LF in chunk extension. This behavior can lead to desync when forwarding through multiple HTTP parsers, potentially resulting in HTTP request smuggling and firewall bypassing. This issue is fixed in `protocol-http1` v0.15.1. There are no known workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2023-38697
CVE-2023-38698 | Ethereum Name Service (ENS) is a distributed, open, and extensible naming system based on the Ethereum blockchain. According to the documentation, controllers are allowed to register new domains and extend the expiry of existing domains, but they cannot change the ownership or reduce the expiration time of existing domains. However, a preliminary analysis suggests that an attacker-controlled controller may be able to reduce the expiration time of existing domains due to an integer overflow in the renew function. The vulnerability resides in `@ensdomains/ens-contracts` prior to version 0.0.22. If successfully exploited, this vulnerability would enable attackers to force the expiration of any ENS record, ultimately allowing them to claim the affected domains for themselves. Currently, it would require a malicious DAO to exploit it. Nevertheless, any vulnerability present in the controllers could potentially render this issue exploitable in the future. An additional concern is the possibility of renewal discounts. Should ENS decide to implement a system that offers unlimited .eth domains for a fixed fee in the future, the vulnerability could become exploitable by any user due to the reduced attack cost. Version 0.0.22 contains a patch for this issue. As long as registration cost remains linear or superlinear based on registration duration, or limited to a reasonable maximum (eg, 1 million years), this vulnerability could only be exploited by a malicious DAO. The interim workaround is thus to take no action. | https://nvd.nist.gov/vuln/detail/CVE-2023-38698
CVE-2023-38699 | MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource. Prior to version 23.7.4.0, a call to requests with `verify=False` disables SSL certificate checks. This rule enforces always verifying SSL certificates for methods in the Requests library. In version 23.7.4.0, certificates are validated by default, which is the desired behavior. | https://nvd.nist.gov/vuln/detail/CVE-2023-38699
CVE-2023-39107 | An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to overwrite root-owned files by using hardlinks. | https://nvd.nist.gov/vuln/detail/CVE-2023-39107
CVE-2023-4157 | Improper Input Validation in GitHub repository omeka/omeka-s prior to 4.0.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-4157
CVE-2023-4159 | Unrestricted Upload of File with Dangerous Type in GitHub repository omeka/omeka-s prior to 4.0.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-4159
CVE-2023-38700 | matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it was possible to craft an event such that it would leak part of a targeted message event from another bridged room. This required knowing an event ID to target. Version 1.0.1n fixes this issue. As a workaround, set the `matrixHandler.eventCacheSize` config value to `0`. This workaround may impact performance. | https://nvd.nist.gov/vuln/detail/CVE-2023-38700
CVE-2023-38702 | Knowage is an open source analytics and business intelligence suite. Starting in the 6.x.x branch and prior to version 8.1.8, the endpoint `/knowage/restful-services/dossier/importTemplateFile` allows authenticated users to upload `template file` on the server, but does not need any authorization to be reached. When the JSP file is uploaded, the attacker just needs to connect to `/knowageqbeengine/foo.jsp` to gain code execution on the server. By exploiting this vulnerability, an attacker with low privileges can upload a JSP file to the `knowageqbeengine` directory and gain code execution capability on the server. This issue has been patched in Knowage version 8.1.8. | https://nvd.nist.gov/vuln/detail/CVE-2023-38702
CVE-2022-4955 | Inappropriate implementation in DevTools in Google Chrome prior to 108.0.5359.71 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | https://nvd.nist.gov/vuln/detail/CVE-2022-4955
CVE-2023-39344 | social-media-skeleton is an uncompleted social media project. A SQL injection vulnerability in the project allows UNION based injections, which indirectly leads to remote code execution. Commit 3cabdd35c3d874608883c9eaf9bf69b2014d25c1 contains a fix for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-39344
CVE-2020-26064 | A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application. | https://nvd.nist.gov/vuln/detail/CVE-2020-26064
CVE-2020-26065 | A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | https://nvd.nist.gov/vuln/detail/CVE-2020-26065
CVE-2020-26082 | A vulnerability in the zip decompression engine of Cisco AsyncOS Software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to bypass content filters that are configured on an affected device. The vulnerability is due to improper handling of password-protected zip files. An attacker could exploit this vulnerability by sending a malicious file inside a crafted zip-compressed file to an affected device. A successful exploit could allow the attacker to bypass configured content filters that would normally drop the email. | https://nvd.nist.gov/vuln/detail/CVE-2020-26082
CVE-2023-39346 | LinuxASMCallGraph is software for drawing the call graph of the programming code. Linux ASMCallGraph before commit 20dba06bd1a3cf260612d4f21547c25002121cd5 allows attackers to cause remote code execution on the server side by uploading a crafted ZIP file, due to incorrect filtering rules for uploaded files. The problem has been patched in commit 20dba06bd1a3cf260612d4f21547c25002121cd5. There are no known workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2023-39346
CVE-2020-23564 | File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | https://nvd.nist.gov/vuln/detail/CVE-2020-23564
CVE-2022-46782 | An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine. | https://nvd.nist.gov/vuln/detail/CVE-2022-46782
CVE-2023-33367 | A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-33367
CVE-2023-38943 | ShuiZe_0x727 v1.0 was discovered to contain a remote command execution (RCE) vulnerability via the component /iniFile/config.ini. | https://nvd.nist.gov/vuln/detail/CVE-2023-38943
CVE-2023-36095 | An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the PALChain,from_math_prompt(llm).run in the python exec method. | https://nvd.nist.gov/vuln/detail/CVE-2023-36095
CVE-2023-39508 | Execution with Unnecessary Privileges, Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Airflow. The "Run Task" feature enables an authenticated user to bypass some of the restrictions put in place. It allows executing code in the webserver context and bypassing the limitation of access the user has to certain DAGs. The "Run Task" feature is considered dangerous and has been removed entirely in Airflow 2.6.0. This issue affects Apache Airflow: before 2.6.0. | https://nvd.nist.gov/vuln/detail/CVE-2023-39508
CVE-2023-4165 | A vulnerability, which was classified as critical, was found in Tongda OA. This affects an unknown part of the file general/system/seal_manage/iweboffice/delete_seal.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236181 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-4165
CVE-2023-4166 | A vulnerability has been found in Tongda OA and classified as critical. This vulnerability affects unknown code of the file general/system/seal_manage/dianju/delete_log.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-236182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-4166
CVE-2023-4167 | A vulnerability was found in Media Browser Emby Server 4.7.13.0 and classified as problematic. This issue affects some unknown processing of the file /web/. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-236183. | https://nvd.nist.gov/vuln/detail/CVE-2023-4167
CVE-2023-4168 | A vulnerability was found in Templatecookie Adlisting 2.14.0. It has been classified as problematic. Affected is an unknown function of the file /ad-list of the component Redirect Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-4168
CVE-2023-4169 | A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-4169
CVE-2023-4187 | Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | https://nvd.nist.gov/vuln/detail/CVE-2023-4187
CVE-2023-4170 | A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-4170
CVE-2023-4188 | SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | https://nvd.nist.gov/vuln/detail/CVE-2023-4188
CVE-2023-4189 | Cross-site Scripting (XSS) - Reflected in GitHub repository instantsoft/icms2 prior to 2.16.1-git. | https://nvd.nist.gov/vuln/detail/CVE-2023-4189
CVE-2023-4171 | A vulnerability classified as problematic was found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This vulnerability affects unknown code of the file \Service\FileDownload.ashx. The manipulation of the argument Files leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236206 is the identifier assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4171
CVE-2023-30491 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.8 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-30491
CVE-2023-34010 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in submodule of David Lingren Media Library Assistant plugin <= 3.0.7 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-34010
CVE-2023-34377 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Joseph C Dolson My Content Management plugin <= 1.7.6 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-34377
CVE-2023-36678 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WP-buy WP Content Copy Protection & No Right Click plugin <= 3.5.5 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-36678
CVE-2023-36686 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CartFlows Pro plugin <= 1.11.11 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-36686
CVE-2023-36689 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WPFactory WPFactory Helper plugin <= 1.5.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-36689
CVE-2023-37873 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WooCommerce Shipping Multiple Addresses plugin <= 3.8.5 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37873
CVE-2023-37874 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Dimitar Ivanov HTTP Headers plugin <= 1.18.11 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-37874
CVE-2023-4172 | A vulnerability, which was classified as problematic, has been found in Chengdu Flash Flood Disaster Monitoring and Warning System 2.0. This issue affects some unknown processing of the file \Service\FileHandler.ashx. The manipulation of the argument FileDirectory leads to absolute path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236207. | https://nvd.nist.gov/vuln/detail/CVE-2023-4172
CVE-2023-32600 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rank Math SEO plugin <= 1.0.119 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-32600
CVE-2023-4173 | A vulnerability, which was classified as problematic, was found in mooSocial mooStore 3.1.6. Affected is an unknown function of the file /search/index. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-236208. | https://nvd.nist.gov/vuln/detail/CVE-2023-4173
CVE-2023-4174 | A vulnerability has been found in mooSocial mooStore 3.1.6 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. The attack can be launched remotely. The identifier VDB-236209 was assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4174
CVE-2023-4190 | Insufficient Session Expiration in GitHub repository admidio/admidio prior to 4.2.11. | https://nvd.nist.gov/vuln/detail/CVE-2023-4190
CVE-2023-4175 | A vulnerability was found in mooSocial mooTravel 3.1.8 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. The attack may be launched remotely. VDB-236210 is the identifier assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4175
CVE-2023-4176 | A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been classified as critical. This affects an unknown part of the file appointmentapproval.php. The manipulation of the argument time leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236211. | https://nvd.nist.gov/vuln/detail/CVE-2023-4176
CVE-2023-4177 | A vulnerability was found in EmpowerID up to 7.205.0.0. It has been rated as problematic. This issue affects some unknown processing of the component Multi-Factor Authentication Code Handler. The manipulation leads to information disclosure. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 7.205.0.1 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-236213 was assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4177
CVE-2023-37581 | Insufficient input validation and sanitization in Weblog Category name, Website About and File Upload features in all versions of Apache Roller on all platforms allows an authenticated user to perform an XSS attack. Mitigation: if you do not have Roller configured for untrusted users, then you need to do nothing because you trust your users to author raw HTML and other web content. If you are running with untrusted users then you should upgrade to Roller 6.1.2 and you should disable Roller's File Upload feature. | https://nvd.nist.gov/vuln/detail/CVE-2023-37581
CVE-2023-4179 | A vulnerability classified as critical has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected is an unknown function of the file /vm/doctor/doctors.php?action=view. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-236214 is the identifier assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4179
CVE-2023-4180 | A vulnerability classified as critical was found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this vulnerability is an unknown functionality of the file /vm/login.php. The manipulation of the argument useremail/userpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236215. | https://nvd.nist.gov/vuln/detail/CVE-2023-4180
CVE-2023-4181 | A vulnerability, which was classified as critical, has been found in SourceCodester Free Hospital Management System for Small Practices 1.0. Affected by this issue is some unknown functionality of the file /vm/admin/delete-doctor.php?id=2 of the component Redirect Handler. The manipulation leads to enforcement of behavioral workflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236216. | https://nvd.nist.gov/vuln/detail/CVE-2023-4181
CVE-2023-4182 | A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file edit_sell.php. The manipulation of the argument up_pid leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-236217 was assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4182
CVE-2023-4183 | A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4183
CVE-2023-4184 | A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file sell_return.php. The manipulation of the argument pid leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-236219. | https://nvd.nist.gov/vuln/detail/CVE-2023-4184
CVE-2023-4185 | A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236220. | https://nvd.nist.gov/vuln/detail/CVE-2023-4185
CVE-2023-4186 | A vulnerability was found in SourceCodester Pharmacy Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_website.php. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236221 was assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4186
CVE-2023-4195 | PHP Remote File Inclusion in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-4195
CVE-2023-4196 | Cross-site Scripting (XSS) - Stored in GitHub repository cockpit-hq/cockpit prior to 2.6.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-4196
CVE-2023-4191 | A vulnerability, which was classified as critical, has been found in SourceCodester Resort Reservation System 1.0. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-236234 is the identifier assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4191
CVE-2023-4192 | A vulnerability, which was classified as critical, was found in SourceCodester Resort Reservation System 1.0. This affects an unknown part of the file manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236235. | https://nvd.nist.gov/vuln/detail/CVE-2023-4192
CVE-2023-4193 | A vulnerability has been found in SourceCodester Resort Reservation System 1.0 and classified as critical. This vulnerability affects unknown code of the file view_fee.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-236236. | https://nvd.nist.gov/vuln/detail/CVE-2023-4193
CVE-2022-47350 | In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | https://nvd.nist.gov/vuln/detail/CVE-2022-47350
CVE-2022-47351 | In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | https://nvd.nist.gov/vuln/detail/CVE-2022-47351
CVE-2023-33906 | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33906
CVE-2023-33907 | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33907
CVE-2023-33908 | In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33908
CVE-2023-33909 | In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33909
CVE-2023-33910 | In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33910
CVE-2023-33911 | In vowifi service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33911
CVE-2023-33912 | In Contacts service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges. | https://nvd.nist.gov/vuln/detail/CVE-2023-33912
CVE-2023-33913 | In DRM/oemcrypto, there is a possible out of bounds write due to an incorrect calculation of buffer size. This could lead to remote escalation of privilege with System execution privileges needed. | https://nvd.nist.gov/vuln/detail/CVE-2023-33913
CVE-2022-48579 | UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains. | https://nvd.nist.gov/vuln/detail/CVE-2022-48579
CVE-2023-20780 | In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756. | https://nvd.nist.gov/vuln/detail/CVE-2023-20780
CVE-2023-20781 | In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323. | https://nvd.nist.gov/vuln/detail/CVE-2023-20781
CVE-2023-20782 | In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550103. | https://nvd.nist.gov/vuln/detail/CVE-2023-20782
CVE-2023-20783 | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905. | https://nvd.nist.gov/vuln/detail/CVE-2023-20783
CVE-2023-20784 | In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989. | https://nvd.nist.gov/vuln/detail/CVE-2023-20784
CVE-2023-20785 | In audio, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628524; Issue ID: ALPS07628524. | https://nvd.nist.gov/vuln/detail/CVE-2023-20785
CVE-2023-20786 | In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767811; Issue ID: ALPS07767811. | https://nvd.nist.gov/vuln/detail/CVE-2023-20786
CVE-2023-20787 | In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648734. | https://nvd.nist.gov/vuln/detail/CVE-2023-20787
CVE-2023-20788 | In thermal, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648734; Issue ID: ALPS07648735. | https://nvd.nist.gov/vuln/detail/CVE-2023-20788
CVE-2023-20789 | In jpeg, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07693193; Issue ID: ALPS07693193. | https://nvd.nist.gov/vuln/detail/CVE-2023-20789
CVE-2023-20790 | In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194. | https://nvd.nist.gov/vuln/detail/CVE-2023-20790
CVE-2023-20793 | In apu, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767818; Issue ID: ALPS07767818. | https://nvd.nist.gov/vuln/detail/CVE-2023-20793
CVE-2023-20795 | In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07864900; Issue ID: ALPS07864900. | https://nvd.nist.gov/vuln/detail/CVE-2023-20795
CVE-2023-20796 | In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790. | https://nvd.nist.gov/vuln/detail/CVE-2023-20796
CVE-2023-20797In camera middleware, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629582; Issue ID: ALPS07629582.https://nvd.nist.gov/vuln/detail/CVE-2023-20797
CVE-2023-20798In pda, there is a possible out of bounds read due to an incorrect calculation of buffer size. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07147572; Issue ID: ALPS07421076.https://nvd.nist.gov/vuln/detail/CVE-2023-20798
CVE-2023-20800In imgsys, there is a possible system crash due to a missing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955.https://nvd.nist.gov/vuln/detail/CVE-2023-20800
CVE-2023-20801In imgsys, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420968.https://nvd.nist.gov/vuln/detail/CVE-2023-20801
CVE-2023-20802In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420976.https://nvd.nist.gov/vuln/detail/CVE-2023-20802
CVE-2023-20803In imgsys, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07326455; Issue ID: ALPS07326374.https://nvd.nist.gov/vuln/detail/CVE-2023-20803
CVE-2023-20804In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326384.https://nvd.nist.gov/vuln/detail/CVE-2023-20804
CVE-2023-20805In imgsys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07199773; Issue ID: ALPS07326411.https://nvd.nist.gov/vuln/detail/CVE-2023-20805
CVE-2023-20806In hcp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07340433; Issue ID: ALPS07537437.https://nvd.nist.gov/vuln/detail/CVE-2023-20806
CVE-2023-20807In dpe, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608433; Issue ID: ALPS07608433.https://nvd.nist.gov/vuln/detail/CVE-2023-20807
CVE-2023-20808In OPTEE, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03645895; Issue ID: DTV03645895.https://nvd.nist.gov/vuln/detail/CVE-2023-20808
CVE-2023-20809In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03751198; Issue ID: DTV03751198.https://nvd.nist.gov/vuln/detail/CVE-2023-20809
CVE-2023-20810In IOMMU, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.https://nvd.nist.gov/vuln/detail/CVE-2023-20810
CVE-2023-20811In IOMMU, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03692061; Issue ID: DTV03692061.https://nvd.nist.gov/vuln/detail/CVE-2023-20811
CVE-2023-20812In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944987; Issue ID: ALPS07944987.https://nvd.nist.gov/vuln/detail/CVE-2023-20812
CVE-2023-20813In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453549; Issue ID: ALPS07453549.https://nvd.nist.gov/vuln/detail/CVE-2023-20813
CVE-2023-20814In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453560; Issue ID: ALPS07453560.https://nvd.nist.gov/vuln/detail/CVE-2023-20814
CVE-2023-20815In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453587; Issue ID: ALPS07453587.https://nvd.nist.gov/vuln/detail/CVE-2023-20815
CVE-2023-20816In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453589; Issue ID: ALPS07453589.https://nvd.nist.gov/vuln/detail/CVE-2023-20816
CVE-2023-20817In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07453600; Issue ID: ALPS07453600.https://nvd.nist.gov/vuln/detail/CVE-2023-20817
CVE-2023-20818In wlan service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460540; Issue ID: ALPS07460540.https://nvd.nist.gov/vuln/detail/CVE-2023-20818
CVE-2023-39903An issue was discovered in Fujitsu Software Infrastructure Manager (ISM) before 2.8.0.061. The ismsnap component (in this specific case at /var/log/fujitsu/ServerViewSuite/ism/FirmwareManagement/FirmwareManagement.log) allows insecure collection and storage of authorization credentials in cleartext. That occurs when users perform any ISM Firmware Repository Address setup test (Test the Connection), or regularly authorize against an already configured remote firmware repository site, as set up in ISM Firmware Repository Address. A privileged attacker is therefore able to potentially gather the associated ismsnap maintenance data, in the same manner as a trusted party allowed to export ismsnap data from ISM. The preconditions for an ISM installation to be generally vulnerable are that the Download Firmware (Firmware Repository Server) function is enabled and configured, and that the character \ (backslash) is used in a user credential (i.e., user/ID or password) of the remote proxy host / firmware repository server. NOTE: this may overlap CVE-2023-39379.https://nvd.nist.gov/vuln/detail/CVE-2023-39903
CVE-2023-0425ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Numeric Range Comparison Without Minimum Check vulnerability in ABB Freelance controllers AC 700F (Controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.https://nvd.nist.gov/vuln/detail/CVE-2023-0425
CVE-2023-0426ABB is aware of vulnerabilities in the product versions listed below. An update is available that resolves the reported vulnerabilities in the product versions under maintenance. An attacker who successfully exploited one or more of these vulnerabilities could cause the product to stop or make the product inaccessible. Stack-based Buffer Overflow vulnerability in ABB Freelance controllers AC 700F (controller modules), ABB Freelance controllers AC 900F (controller modules). This issue affects: Freelance controllers AC 700F: from 9.0;0 through V9.2 SP2, through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1; Freelance controllers AC 900F: through Freelance 2013, through Freelance 2013SP1, through Freelance 2016, through Freelance 2016SP1, through Freelance 2019, through Freelance 2019 SP1, through Freelance 2019 SP1 FP1.https://nvd.nist.gov/vuln/detail/CVE-2023-0426
CVE-2023-32090Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentialshttps://nvd.nist.gov/vuln/detail/CVE-2023-32090
CVE-2023-38392Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hiroaki Miyashita Custom Field Template plugin <= 2.5.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-38392
CVE-2023-3896Divide By Zero in vim/vim from 9.0.1367-1 to 9.0.1367-3https://nvd.nist.gov/vuln/detail/CVE-2023-3896
CVE-2022-38795In Gitea through 1.17.1, repo cloning can occur in the migration function.https://nvd.nist.gov/vuln/detail/CVE-2022-38795
CVE-2023-36220Directory Traversal vulnerability in Textpattern CMS v4.8.8 allows a remote authenticated attacker to execute arbitrary code and gain access to sensitive information via the plugin Upload function.https://nvd.nist.gov/vuln/detail/CVE-2023-36220
CVE-2023-4147A use-after-free flaw was found in the Linux kernel’s Netfilter functionality when adding a rule with NFTA_RULE_CHAIN_ID. This flaw allows a local user to crash or escalate their privileges on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-4147
CVE-2023-4194A flaw was found in the Linux kernel's TUN/TAP functionality. This issue could allow a local user to bypass network filters and gain unauthorized access to some resources. The original patches fixing CVE-2023-1076 are incorrect or incomplete. The problem is that the following upstream commits - a096ccca6e50 ("tun: tun_chr_open(): correctly initialize socket uid"), - 66b2c338adce ("tap: tap_open(): correctly initialize socket uid"), pass "inode->i_uid" to sock_init_data_uid() as the last parameter and that turns out to not be accurate.https://nvd.nist.gov/vuln/detail/CVE-2023-4194
CVE-2023-4205An out-of-bounds memory access flaw was found in the Linux kernel’s do_journal_end function when the fails array-index-out-of-bounds in fs/reiserfs/journal.c could happen. This flaw allows a local user to crash the system.https://nvd.nist.gov/vuln/detail/CVE-2023-4205
CVE-2021-24916The Qubely WordPress plugin before 1.8.6 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses via the qubely_send_form_data AJAX action.https://nvd.nist.gov/vuln/detail/CVE-2021-24916
CVE-2023-0604The WP Food Manager WordPress plugin before 1.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-0604
CVE-2023-27373An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. Due to insufficient input validation, an attacker can tamper with a runtime-accessible EFI variable to cause a dynamic BAR setting to overlap SMRAM.https://nvd.nist.gov/vuln/detail/CVE-2023-27373
CVE-2023-2843The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.15 does not properly sanitize and escape a parameter before using it in an SQL statement, which could allow any authenticated users, such as subscribers, to perform SQL Injection attacks.https://nvd.nist.gov/vuln/detail/CVE-2023-2843
CVE-2023-3365The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipmenthttps://nvd.nist.gov/vuln/detail/CVE-2023-3365
CVE-2023-3492The WP Shopping Pages WordPress plugin through 1.14 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.https://nvd.nist.gov/vuln/detail/CVE-2023-3492
CVE-2023-3524The WPCode WordPress plugin before 2.0.13.1 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2023-3524
CVE-2023-3575The Quiz And Survey Master WordPress plugin before 8.1.11 does not properly sanitize and escape question titles, which could allow users with the Contributor role and above to perform Stored Cross-Site Scripting attackshttps://nvd.nist.gov/vuln/detail/CVE-2023-3575
CVE-2023-3650The Bubble Menu WordPress plugin before 3.0.5 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).https://nvd.nist.gov/vuln/detail/CVE-2023-3650
CVE-2023-3671The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.4 does not sanitise and escape various parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as adminhttps://nvd.nist.gov/vuln/detail/CVE-2023-3671
CVE-2023-23757Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-23757
CVE-2023-23758Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-23758
CVE-2023-32783The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix.https://nvd.nist.gov/vuln/detail/CVE-2023-32783
CVE-2023-34476Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-34476
CVE-2023-34477Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-34477
CVE-2023-38044Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability allows SQL Injection.https://nvd.nist.gov/vuln/detail/CVE-2023-38044
CVE-2023-38045Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in advcomsys.com oneVote component for Joomla. It allows XSS Targeting Non-Script Elements.https://nvd.nist.gov/vuln/detail/CVE-2023-38045
CVE-2023-4012ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).https://nvd.nist.gov/vuln/detail/CVE-2023-4012
CVE-2023-4199A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236289 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-4199
CVE-2023-36054lib/kadm5/kadm_rpc_xdr.c in MIT Kerberos 5 (aka krb5) before 1.20.2 and 1.21.x before 1.21.1 frees an uninitialized pointer. A remote authenticated user can trigger a kadmind crash. This occurs because _xdr_kadm5_principal_ent_rec does not validate the relationship between n_key_data and the key_data array count.https://nvd.nist.gov/vuln/detail/CVE-2023-36054
CVE-2023-36499Netgear XR300 v1.0.3.78 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at genie_ap_wifi_change.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-36499
CVE-2023-38412Netgear R6900P v1.3.3.154 was discovered to contain multiple buffer overflows via the wla_ssid and wlg_ssid parameters at ia_ap_setting.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-38412
CVE-2023-38591Netgear DG834Gv5 1.6.01.34 was discovered to contain multiple buffer overflows via the wla_ssid and wla_temp_ssid parameters at bsw_ssid.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-38591
CVE-2023-38921Netgear WG302v2 v5.2.9 and WAG302v2 v5.1.19 were discovered to contain multiple command injection vulnerabilities in the upgrade_handler function via the firmwareRestore and firmwareServerip parameters.https://nvd.nist.gov/vuln/detail/CVE-2023-38921
CVE-2023-38922Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the update_auth function.https://nvd.nist.gov/vuln/detail/CVE-2023-38922
CVE-2023-38924Netgear DGN3500 1.1.00.37 was discovered to contain a buffer overflow via the http_password parameter at setup.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-38924
CVE-2023-38925Netgear DC112A 1.0.0.64, EX6200 1.0.3.94 and R6300v2 1.0.4.8 were discovered to contain a buffer overflow via the http_passwd parameter in password.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-38925
CVE-2023-38926Netgear EX6200 v1.0.3.94 was discovered to contain a buffer overflow via the wla_temp_ssid parameter at acosNvramConfig_set.https://nvd.nist.gov/vuln/detail/CVE-2023-38926
CVE-2023-38928Netgear R7100LG 1.0.0.78 was discovered to contain a command injection vulnerability via the password parameter at usb_remote_invite.cgi.https://nvd.nist.gov/vuln/detail/CVE-2023-38928
CVE-2023-38929Tenda 4G300 v1.01.42 was discovered to contain a stack overflow via the page parameter at /VirtualSer.https://nvd.nist.gov/vuln/detail/CVE-2023-38929
CVE-2023-38930Tenda AC7 V1.0,V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0,V15.03.06.28, AC9 V3.0,V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.https://nvd.nist.gov/vuln/detail/CVE-2023-38930
CVE-2023-38931Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and FH1203 V2.0.1.6 were discovered to contain a stack overflow via the list parameter in the setaccount function.https://nvd.nist.gov/vuln/detail/CVE-2023-38931
CVE-2023-38932Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter in the SafeEmailFilter function.https://nvd.nist.gov/vuln/detail/CVE-2023-38932
CVE-2023-38933Tenda AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, F1203 V2.0.1.6, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6 and AC9 V3.0 V15.03.06.42_multi, and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetClientState function.https://nvd.nist.gov/vuln/detail/CVE-2023-38933
CVE-2023-38934Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the deviceId parameter in the formSetDeviceName function.https://nvd.nist.gov/vuln/detail/CVE-2023-38934
CVE-2023-38935Tenda AC1206 V15.03.06.23, AC8 V4 V16.03.34.06, AC5 V1.0 V15.03.06.28, AC10 v4.0 V16.03.10.13 and AC9 V3.0 V15.03.06.42_multi were discovered to contain a stack overflow via the list parameter in the formSetQosBand function.https://nvd.nist.gov/vuln/detail/CVE-2023-38935
CVE-2023-38936Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, FH1203 V2.0.1.6, AC9 V3.0 V15.03.06.42_multi and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.https://nvd.nist.gov/vuln/detail/CVE-2023-38936
CVE-2023-38937Tenda AC10 V1.0 V15.03.06.23, AC1206 V15.03.06.23, AC8 v4 V16.03.34.06, AC6 V2.0 V15.03.06.23, AC7 V1.0 V15.03.06.44, AC5 V1.0 V15.03.06.28, AC9 V3.0 V15.03.06.42_multi and AC10 v4.0 V16.03.10.13 were discovered to contain a stack overflow via the list parameter in the formSetVirtualSer function.https://nvd.nist.gov/vuln/detail/CVE-2023-38937
CVE-2023-38938Tenda F1202 V1.2.0.9, PA202 V1.1.2.5, PW201A V1.1.2.5 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the page parameter at /L7Im.https://nvd.nist.gov/vuln/detail/CVE-2023-38938
CVE-2023-38939Tenda F1202 V1.2.0.9 and FH1202 V1.2.0.9 were discovered to contain a stack overflow via the mit_ssid parameter in the formWrlsafeset function.https://nvd.nist.gov/vuln/detail/CVE-2023-38939
CVE-2023-38940Tenda F1203 V2.0.1.6, FH1203 V2.0.1.6 and FH1205 V2.0.0.7(775) were discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.https://nvd.nist.gov/vuln/detail/CVE-2023-38940
CVE-2023-39349Sentry is an error tracking and performance monitoring platform. Starting in version 22.1.0 and prior to version 23.7.2, an attacker with access to a token with few or no scopes can query `/api/0/api-tokens/` for a list of all tokens created by a user, including tokens with greater scopes, and use those tokens in other requests. There is no evidence that the issue was exploited on `sentry.io`. For self-hosted users, it is advised to rotate user auth tokens. A fix is available in version 23.7.2 of `sentry` and `self-hosted`. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39349
CVE-2023-39363Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-39363
CVE-2023-39550Netgear JWNR2000v2 v1.0.0.11, XWN5001 v0.4.1.1, and XAVN2001v2 v0.4.0.7 were discovered to contain multiple buffer overflows via the http_passwd and http_username parameters in the check_auth function.https://nvd.nist.gov/vuln/detail/CVE-2023-39550
CVE-2023-4200A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-236290 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-4200
CVE-2023-38704import-in-the-middle is a module loading interceptor specifically for ESM modules. The import-in-the-middle loader works by generating a wrapper module on the fly. The wrapper uses the module specifier to load the original module and add some wrapping code. Prior to version 1.4.2, it allows for remote code execution in cases where an application passes user-supplied input directly to the `import()` function. This vulnerability has been patched in import-in-the-middle version 1.4.2. Some workarounds are available. Do not pass any user-supplied input to `import()`. Instead, verify it against a set of allowed values. If using import-in-the-middle, directly or indirectly, and support for EcmaScript Modules is not needed, ensure that no options are set, either via command-line or the `NODE_OPTIONS` environment variable, that would enable loader hooks.https://nvd.nist.gov/vuln/detail/CVE-2023-38704
CVE-2023-39520Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the `repair` function. The problem occurs as the repair function of the MSI is spawning a SYSTEM PowerShell without the `-NoProfile` parameter. Therefore the profile of the user starting the repair will be loaded. Version 1.9.3 contains a fix for this issue. Adding `-NoProfile` to the PowerShell invocation is a possible workaround.https://nvd.nist.gov/vuln/detail/CVE-2023-39520
CVE-2023-39524PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, SQL injection is possible in the product search field, in BO's product page. Version 8.1.1 contains a patch for this issue. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39524
CVE-2023-4201A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-236291.https://nvd.nist.gov/vuln/detail/CVE-2023-4201
CVE-2023-39523ScanCode.io is a server to script and automate software composition analysis with ScanPipe pipelines. Prior to version 32.5.1, the software has a possible command injection vulnerability in the docker fetch process as it allows to append malicious commands in the `docker_reference` parameter. In the function `scanpipe/pipes/fetch.py:fetch_docker_image` the parameter `docker_reference` is user controllable. The `docker_reference` variable is then passed to the vulnerable function `get_docker_image_platform`. However, the `get_docker_image_platform` function constructs a shell command with the passed `docker_reference`. The `pipes.run_command` then executes the shell command without any prior sanitization, making the function vulnerable to command injections. A malicious user who is able to create or add inputs to a project can inject commands. Although the command injections are blind and the user will not receive direct feedback without logs, it is still possible to cause damage to the server/container. The vulnerability appears for example if a malicious user adds a semicolon after the input of `docker://;`, it would allow appending malicious commands. Version 32.5.1 contains a patch for this issue. The `docker_reference` input should be sanitized to avoid command injections and, as a workaround, one may avoid creating commands with user controlled input directly.https://nvd.nist.gov/vuln/detail/CVE-2023-39523
CVE-2023-39525PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, in the back office, files can be compromised using path traversal by replaying the import file deletion query with a specified file path that uses the traversal path. Version 8.1.1 contains a patch for this issue. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39525
CVE-2023-39526PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to remote code execution through SQL injection and arbitrary file write in the back office. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39526
CVE-2023-39527PrestaShop is an open source e-commerce web application. Versions prior to 1.7.8.10, 8.0.5, and 8.1.1 are vulnerable to cross-site scripting through the `isCleanHTML` method. Versions 1.7.8.10, 8.0.5, and 8.1.1 contain a patch. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39527
CVE-2023-39528PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the `displayAjaxEmailHTML` method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39528
CVE-2023-39529PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39529
CVE-2023-39530PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete files from the server via the CustomerMessage API. Version 8.1.1 contains a patch for this issue. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-39530
CVE-2023-33993The B1i module of SAP Business One - version 10.0, allows an authenticated user with deep knowledge to send crafted queries over the network to read or modify the SQL data. On successful exploitation, the attacker can cause high impact on confidentiality, integrity and availability of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-33993
CVE-2023-36923SAP SQLA for PowerDesigner 17 bundled with SAP PowerDesigner 16.7 SP06 PL03 allows an attacker with local access to the system to place a malicious library that can be executed by the application. An attacker could thereby control the behavior of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-36923
CVE-2023-36926Due to a missing authentication check in SAP Host Agent - version 7.22, an unauthenticated attacker can set an undocumented parameter to a particular compatibility value and in turn call read functions. This allows the attacker to gather some non-sensitive information about the server. There is no impact on integrity or availability.https://nvd.nist.gov/vuln/detail/CVE-2023-36926
CVE-2023-37483SAP PowerDesigner - version 16.7, has improper access control which might allow an unauthenticated attacker to run arbitrary queries against the back-end database via Proxy.https://nvd.nist.gov/vuln/detail/CVE-2023-37483
CVE-2023-37484SAP PowerDesigner - version 16.7, queries all password hashes in the backend database and compares them with the user-provided one during a login attempt, which might allow an attacker to access password hashes from the client's memory.https://nvd.nist.gov/vuln/detail/CVE-2023-37484
CVE-2023-37486Under certain conditions SAP Commerce (OCC API) - versions HY_COM 2105, HY_COM 2205, COM_CLOUD 2211, endpoints allow an attacker to access information which would otherwise be restricted. On successful exploitation there could be a high impact on confidentiality with no impact on integrity and availability of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-37486
CVE-2023-37487SAP Business One (Service Layer) - version 10.0, allows an authenticated attacker with deep knowledge to perform certain operations to access unintended data over the network, which could lead to high impact on confidentiality with no impact on integrity and availability of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-37487
CVE-2023-37488In SAP NetWeaver Process Integration - versions SAP_XIESR 7.50, SAP_XITOOL 7.50, SAP_XIAF 7.50, user-controlled inputs, if not sufficiently encoded, could result in a Cross-Site Scripting (XSS) attack. On successful exploitation the attacker can cause limited impact on confidentiality and integrity of the system.https://nvd.nist.gov/vuln/detail/CVE-2023-37488
CVE-2023-37490SAP Business Objects Installer - versions 420, 430, allows an authenticated attacker within the network to overwrite an executable file created in a temporary directory during the installation process. On replacing this executable with a malicious file, an attacker can completely compromise the confidentiality, integrity, and availability of the system.https://nvd.nist.gov/vuln/detail/CVE-2023-37490
CVE-2023-37491The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. This may lead to unauthorized read and write of data as well as rendering the system unavailable.https://nvd.nist.gov/vuln/detail/CVE-2023-37491
CVE-2023-37492SAP NetWeaver Application Server ABAP and ABAP Platform - versions SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, SAP_BASIS 740, SAP_BASIS 750, SAP_BASIS 752, SAP_BASIS 753, SAP_BASIS 754, SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, SAP_BASIS 793, SAP_BASIS 804, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read sensitive information which can be used in a subsequent serious attack.https://nvd.nist.gov/vuln/detail/CVE-2023-37492
CVE-2023-39436SAP Supplier Relationship Management - versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM.https://nvd.nist.gov/vuln/detail/CVE-2023-39436
CVE-2023-39437SAP Business One - version 10.0, allows an attacker to insert malicious code into the content of a web page or application and get it delivered to the client, resulting in Cross-Site Scripting. This could lead to harmful action affecting the Confidentiality, Integrity and Availability of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-39437
CVE-2023-39439SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.https://nvd.nist.gov/vuln/detail/CVE-2023-39439
CVE-2023-39440In SAP BusinessObjects Business Intelligence - version 420, if a user logs in to a particular program, under certain specific conditions memory might not be cleared up properly, due to which an attacker might be able to get access to user credentials. For a successful attack, the attacker needs to have local access to the system. There is no impact on availability and integrity.https://nvd.nist.gov/vuln/detail/CVE-2023-39440
CVE-2023-39976log_blackbox.c in libqb before 2.0.8 allows a buffer overflow via long log messages because the header size is not considered.https://nvd.nist.gov/vuln/detail/CVE-2023-39976
CVE-2023-39978ImageMagick before 6.9.12-91 allows attackers to cause a denial of service (memory consumption) in Magick::Draw.https://nvd.nist.gov/vuln/detail/CVE-2023-39978
CVE-2023-37569This vulnerability exists in ESDS Emagic Data Center Management Suit due to lack of input sanitization in its Ping component. A remote authenticated attacker could exploit this by injecting OS commands on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.https://nvd.nist.gov/vuln/detail/CVE-2023-37569
CVE-2023-37570This vulnerability exists in ESDS Emagic Data Center Management Suit due to non-expiry of session cookie. By reusing the stolen cookie, a remote attacker could gain unauthorized access to the targeted system.https://nvd.nist.gov/vuln/detail/CVE-2023-37570
CVE-2023-4009In MongoDB Ops Manager v5.0 prior to 5.0.22 and v6.0 prior to 6.0.17 it is possible for an authenticated user with project owner or project user admin access to generate an API key with the privileges of org owner resulting in privilege escalation.https://nvd.nist.gov/vuln/detail/CVE-2023-4009
CVE-2021-41544A vulnerability has been identified in Siemens Software Center (All versions < V3.0). A DLL Hijacking vulnerability could allow a local attacker to execute code with elevated privileges by placing a malicious DLL in one of the directories on the DLL search path.https://nvd.nist.gov/vuln/detail/CVE-2021-41544
CVE-2022-39062A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation.https://nvd.nist.gov/vuln/detail/CVE-2022-39062
CVE-2022-40510Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.https://nvd.nist.gov/vuln/detail/CVE-2022-40510
CVE-2023-21625Information disclosure in Network Services due to buffer over-read while the device receives DNS response.https://nvd.nist.gov/vuln/detail/CVE-2023-21625
CVE-2023-21626Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.https://nvd.nist.gov/vuln/detail/CVE-2023-21626
CVE-2023-21627Memory corruption in Trusted Execution Environment while calling service API with invalid address.https://nvd.nist.gov/vuln/detail/CVE-2023-21627
CVE-2023-21643Memory corruption due to untrusted pointer dereference in automotive during system call.https://nvd.nist.gov/vuln/detail/CVE-2023-21643
CVE-2023-21647Information disclosure in Bluetooth when a GATT packet is received due to improper input validation.https://nvd.nist.gov/vuln/detail/CVE-2023-21647
CVE-2023-21648Memory corruption in RIL while trying to send apdu packet.https://nvd.nist.gov/vuln/detail/CVE-2023-21648
CVE-2023-21649Memory corruption in WLAN while running doDriverCmd for an unspecific command.https://nvd.nist.gov/vuln/detail/CVE-2023-21649
CVE-2023-21650Memory Corruption in GPS HLOS Driver when injectFdclData receives data with invalid data length.https://nvd.nist.gov/vuln/detail/CVE-2023-21650
CVE-2023-21651Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.https://nvd.nist.gov/vuln/detail/CVE-2023-21651
CVE-2023-21652Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information are present on stack after use.https://nvd.nist.gov/vuln/detail/CVE-2023-21652
CVE-2023-22666Memory Corruption in Audio while playing amrwbplus clips with modified content.https://nvd.nist.gov/vuln/detail/CVE-2023-22666
CVE-2023-24845A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM 
RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The affected products insufficiently block data from being forwarded over the mirror port into the mirrored network. An attacker could use this behavior to transmit malicious packets to systems in the mirrored network, possibly influencing their configuration and runtime behavior.https://nvd.nist.gov/vuln/detail/CVE-2023-24845
CVE-2023-27411A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an authenticated remote attacker to execute arbitrary SQL queries on the server database and escalate privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-27411
CVE-2023-28537Memory corruption while allocating memory in COmxApeDec module in Audio.https://nvd.nist.gov/vuln/detail/CVE-2023-28537
CVE-2023-28555Transient DOS in Audio while remapping channel buffer in media codec decoding.https://nvd.nist.gov/vuln/detail/CVE-2023-28555
CVE-2023-28561Memory corruption in QESL while processing payload from external ESL device to firmware.https://nvd.nist.gov/vuln/detail/CVE-2023-28561
CVE-2023-28575The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it.https://nvd.nist.gov/vuln/detail/CVE-2023-28575
CVE-2023-28576The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to out-of-bounds read/write issues.https://nvd.nist.gov/vuln/detail/CVE-2023-28576
CVE-2023-28577In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function calls cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va, which causes a UAF of the kernel address.https://nvd.nist.gov/vuln/detail/CVE-2023-28577
CVE-2023-28830A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Solid Edge SE2022 (All versions < V222.0 Update 13), Solid Edge SE2023 (All versions < V223.0 Update 4), Teamcenter Visualization V13.2 (All versions < V13.2.0.15), Teamcenter Visualization V13.3 (All versions < V13.3.0.11), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains a use-after-free vulnerability that could be triggered while parsing a specially crafted ASM file. An attacker could leverage this vulnerability to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-28830
CVE-2023-30795A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4), Parasolid V34.0 (All versions < V34.0.253), Parasolid V34.1 (All versions < V34.1.243), Parasolid V35.0 (All versions < V35.0.177), Parasolid V35.1 (All versions < V35.1.073). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-30795
CVE-2023-30796A vulnerability has been identified in JT Open (All versions < V11.4), JT Utilities (All versions < V13.4). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted JT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-30796
CVE-2023-37372A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.https://nvd.nist.gov/vuln/detail/CVE-2023-37372
CVE-2023-37373A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.4). The affected applications accept unauthenticated file write messages. An unauthenticated remote attacker could write arbitrary files to the affected application's file system.https://nvd.nist.gov/vuln/detail/CVE-2023-37373
CVE-2023-38524A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain a null pointer dereference while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38524
CVE-2023-38525A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38525
CVE-2023-38526A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38526
CVE-2023-38527A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38527
CVE-2023-38528A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.197), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted X_T file. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38528
CVE-2023-38529A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38529
CVE-2023-38530A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38530
CVE-2023-38531A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.184), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38531
CVE-2023-38532A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.254), Parasolid V35.1 (All versions < V35.1.171), Teamcenter Visualization V14.1 (All versions), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions). The affected application contains a stack exhaustion vulnerability while parsing a specially crafted X_T file. This could allow an attacker to cause a denial of service condition.https://nvd.nist.gov/vuln/detail/CVE-2023-38532
CVE-2023-38641A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). The affected application's database service is executed as `NT AUTHORITY\SYSTEM`. This could allow a local attacker to execute operating system commands with elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-38641
CVE-2023-38679A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21106)https://nvd.nist.gov/vuln/detail/CVE-2023-38679
CVE-2023-38680A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21132)https://nvd.nist.gov/vuln/detail/CVE-2023-38680
CVE-2023-38681A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted IGS file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21270)https://nvd.nist.gov/vuln/detail/CVE-2023-38681
CVE-2023-38682A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted TIFF files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38682
CVE-2023-38683A vulnerability has been identified in JT2Go (All versions < V14.2.0.5), Teamcenter Visualization V13.2 (All versions < V13.2.0.14), Teamcenter Visualization V14.1 (All versions < V14.1.0.10), Teamcenter Visualization V14.2 (All versions < V14.2.0.5). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted TIFF file. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-38683
CVE-2023-39181A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted PAR file. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39181
CVE-2023-39182A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39182
CVE-2023-39183A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39183
CVE-2023-39184A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39184
CVE-2023-39185A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39185
CVE-2023-39186A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39186
CVE-2023-39187A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39187
CVE-2023-39188A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39188
CVE-2023-39269A vulnerability has been identified in RUGGEDCOM i800, RUGGEDCOM i800NC, RUGGEDCOM i801, RUGGEDCOM i801NC, RUGGEDCOM i802, RUGGEDCOM i802NC, RUGGEDCOM i803, RUGGEDCOM i803NC, RUGGEDCOM M2100, RUGGEDCOM M2100F, RUGGEDCOM M2100NC, RUGGEDCOM M2200, RUGGEDCOM M2200F, RUGGEDCOM M2200NC, RUGGEDCOM M969, RUGGEDCOM M969F, RUGGEDCOM M969NC, RUGGEDCOM RMC30, RUGGEDCOM RMC30NC, RUGGEDCOM RMC8388 V4.X, RUGGEDCOM RMC8388 V5.X, RUGGEDCOM RMC8388NC V4.X, RUGGEDCOM RMC8388NC V5.X, RUGGEDCOM RP110, RUGGEDCOM RP110NC, RUGGEDCOM RS1600, RUGGEDCOM RS1600F, RUGGEDCOM RS1600FNC, RUGGEDCOM RS1600NC, RUGGEDCOM RS1600T, RUGGEDCOM RS1600TNC, RUGGEDCOM RS400, RUGGEDCOM RS400F, RUGGEDCOM RS400NC, RUGGEDCOM RS401, RUGGEDCOM RS401NC, RUGGEDCOM RS416, RUGGEDCOM RS416F, RUGGEDCOM RS416NC, RUGGEDCOM RS416NC v2, RUGGEDCOM RS416P, RUGGEDCOM RS416PF, RUGGEDCOM RS416PNC, RUGGEDCOM RS416PNC v2, RUGGEDCOM RS416Pv2, RUGGEDCOM RS416v2, RUGGEDCOM RS8000, RUGGEDCOM RS8000A, RUGGEDCOM RS8000ANC, RUGGEDCOM RS8000H, RUGGEDCOM RS8000HNC, RUGGEDCOM RS8000NC, RUGGEDCOM RS8000T, RUGGEDCOM RS8000TNC, RUGGEDCOM RS900, RUGGEDCOM RS900 (32M) V4.X, RUGGEDCOM RS900 (32M) V5.X, RUGGEDCOM RS900F, RUGGEDCOM RS900G, RUGGEDCOM RS900G (32M) V4.X, RUGGEDCOM RS900G (32M) V5.X, RUGGEDCOM RS900GF, RUGGEDCOM RS900GNC, RUGGEDCOM RS900GNC(32M) V4.X, RUGGEDCOM RS900GNC(32M) V5.X, RUGGEDCOM RS900GP, RUGGEDCOM RS900GPF, RUGGEDCOM RS900GPNC, RUGGEDCOM RS900L, RUGGEDCOM RS900LNC, RUGGEDCOM RS900M-GETS-C01, RUGGEDCOM RS900M-GETS-XX, RUGGEDCOM RS900M-STND-C01, RUGGEDCOM RS900M-STND-XX, RUGGEDCOM RS900MNC-GETS-C01, RUGGEDCOM RS900MNC-GETS-XX, RUGGEDCOM RS900MNC-STND-XX, RUGGEDCOM RS900MNC-STND-XX-C01, RUGGEDCOM RS900NC, RUGGEDCOM RS900NC(32M) V4.X, RUGGEDCOM RS900NC(32M) V5.X, RUGGEDCOM RS900W, RUGGEDCOM RS910, RUGGEDCOM RS910L, RUGGEDCOM RS910LNC, RUGGEDCOM RS910NC, RUGGEDCOM RS910W, RUGGEDCOM RS920L, RUGGEDCOM RS920LNC, RUGGEDCOM RS920W, RUGGEDCOM RS930L, RUGGEDCOM RS930LNC, RUGGEDCOM RS930W, RUGGEDCOM RS940G, RUGGEDCOM 
RS940GF, RUGGEDCOM RS940GNC, RUGGEDCOM RS969, RUGGEDCOM RS969NC, RUGGEDCOM RSG2100, RUGGEDCOM RSG2100 (32M) V4.X, RUGGEDCOM RSG2100 (32M) V5.X, RUGGEDCOM RSG2100F, RUGGEDCOM RSG2100NC, RUGGEDCOM RSG2100NC(32M) V4.X, RUGGEDCOM RSG2100NC(32M) V5.X, RUGGEDCOM RSG2100P, RUGGEDCOM RSG2100PF, RUGGEDCOM RSG2100PNC, RUGGEDCOM RSG2200, RUGGEDCOM RSG2200F, RUGGEDCOM RSG2200NC, RUGGEDCOM RSG2288 V4.X, RUGGEDCOM RSG2288 V5.X, RUGGEDCOM RSG2288NC V4.X, RUGGEDCOM RSG2288NC V5.X, RUGGEDCOM RSG2300 V4.X, RUGGEDCOM RSG2300 V5.X, RUGGEDCOM RSG2300F, RUGGEDCOM RSG2300NC V4.X, RUGGEDCOM RSG2300NC V5.X, RUGGEDCOM RSG2300P V4.X, RUGGEDCOM RSG2300P V5.X, RUGGEDCOM RSG2300PF, RUGGEDCOM RSG2300PNC V4.X, RUGGEDCOM RSG2300PNC V5.X, RUGGEDCOM RSG2488 V4.X, RUGGEDCOM RSG2488 V5.X, RUGGEDCOM RSG2488F, RUGGEDCOM RSG2488NC V4.X, RUGGEDCOM RSG2488NC V5.X, RUGGEDCOM RSG907R, RUGGEDCOM RSG908C, RUGGEDCOM RSG909R, RUGGEDCOM RSG910C, RUGGEDCOM RSG920P V4.X, RUGGEDCOM RSG920P V5.X, RUGGEDCOM RSG920PNC V4.X, RUGGEDCOM RSG920PNC V5.X, RUGGEDCOM RSL910, RUGGEDCOM RSL910NC, RUGGEDCOM RST2228, RUGGEDCOM RST2228P, RUGGEDCOM RST916C, RUGGEDCOM RST916P. The web server of the affected devices contains a vulnerability that may lead to a denial of service condition. An attacker may cause total loss of availability of the web server, which might recover after the attack is over.https://nvd.nist.gov/vuln/detail/CVE-2023-39269
CVE-2023-39419A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 7). The affected applications contain an out of bounds write past the end of an allocated structure while parsing specially crafted DFT files. This could allow an attacker to execute code in the context of the current process.https://nvd.nist.gov/vuln/detail/CVE-2023-39419
CVE-2023-39549A vulnerability has been identified in Solid Edge SE2023 (All versions < V223.0 Update 2). The affected application contains a use-after-free vulnerability that could be triggered while parsing a specially crafted DWG file. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-19562)https://nvd.nist.gov/vuln/detail/CVE-2023-39549
CVE-2023-27412 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Mocho Blog theme <= 1.0.4 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-27412
CVE-2023-27416 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Decon Digital Decon WP SMS plugin <= 1.1 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-27416
CVE-2023-27421 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest themes Everest News theme <= 1.1.0 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-27421
CVE-2023-27422 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in NsThemes NS Coupon To Become Customer plugin <= 1.2.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-27422
CVE-2023-29099 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Elegant themes Divi theme <= 4.20.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-29099
CVE-2023-32503 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.6 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-32503
CVE-2023-36692 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Kramer & Hendrik Thole WP-Cirrus plugin <= 0.6.11 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-36692
CVE-2023-4202 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the device name field of the web-interface. | https://nvd.nist.gov/vuln/detail/CVE-2023-4202
CVE-2023-4203 | Advantech EKI-1524, EKI-1522, EKI-1521 devices through 1.21 are affected by a Stored Cross-Site Scripting vulnerability, which can be triggered by authenticated users in the ping tool of the web-interface. | https://nvd.nist.gov/vuln/detail/CVE-2023-4203
CVE-2022-45821 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in NooTheme Noo Timetable plugin <= 2.1.3 versions. | https://nvd.nist.gov/vuln/detail/CVE-2022-45821
CVE-2023-23829 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pierre JEHAN Owl Carousel plugin <= 0.5.3 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-23829
CVE-2023-23877 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in bkmacdaddy designs Pinterest RSS Widget plugin <= 2.3.1 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-23877
CVE-2023-23880 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in ExactMetrics plugin <= 7.14.1 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-23880
CVE-2023-24409 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs plugin <= 1.1.15 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-24409
CVE-2023-24413 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress vertical image slider plugin <= 1.2.16 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-24413
CVE-2023-25063 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Anadnet Quick Page/Post Redirect Plugin plugin <= 5.2.3 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-25063
CVE-2023-25459 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Postsnippets Post Snippets plugin <= 4.0.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-25459
CVE-2023-27415 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themeqx LetterPress plugin <= 1.1.2 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-27415
CVE-2023-27627 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in eggemplo Woocommerce Email Report plugin <= 2.4 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-27627
CVE-2023-37682 | Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php-jms/deductScores.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-37682
CVE-2023-37683 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Profile Page of the Admin. | https://nvd.nist.gov/vuln/detail/CVE-2023-37683
CVE-2023-37684 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Details of the Admin portal. | https://nvd.nist.gov/vuln/detail/CVE-2023-37684
CVE-2023-37685 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Search Report Page of the Admin portal. | https://nvd.nist.gov/vuln/detail/CVE-2023-37685
CVE-2023-37686 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Nurse Page in the Admin portal. | https://nvd.nist.gov/vuln/detail/CVE-2023-37686
CVE-2023-37687 | Online Nurse Hiring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the View Request of Nurse Page in the Admin portal. | https://nvd.nist.gov/vuln/detail/CVE-2023-37687
CVE-2023-37688 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Admin page. | https://nvd.nist.gov/vuln/detail/CVE-2023-37688
CVE-2023-37689 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Booking Request page. | https://nvd.nist.gov/vuln/detail/CVE-2023-37689
CVE-2023-37690 | Maid Hiring Management System v1.0 was discovered to contain a SQL injection vulnerability in the Search Maid page. | https://nvd.nist.gov/vuln/detail/CVE-2023-37690
CVE-2023-25984 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Rigorous & Factory Pattern Dovetail plugin <= 1.2.13 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-25984
CVE-2023-28773 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Kolja Nolte Secondary Title plugin <= 2.0.9.1 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-28773
CVE-2023-28931 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Never5 Post Connector plugin <= 1.0.9 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-28931
CVE-2023-28934 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Mammothology WP Full Stripe Free plugin <= 1.6.1 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-28934
CVE-2023-30482 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in VillaTheme WPBulky plugin <= 1.0.10 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-30482
CVE-2023-31221 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ransom Christofferson PDQ CSV plugin <= 1.0.0 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-31221
CVE-2023-32292 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in GetButton Chat Button by GetButton.Io plugin <= 1.8.9.4 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-32292
CVE-2023-36546 | An issue in PEStudio v.9.52 allows a remote attacker to execute arbitrary code via a crafted DLL file to the PEStudio executable. | https://nvd.nist.gov/vuln/detail/CVE-2023-36546
CVE-2023-38384 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Syntactics, Inc. EaSYNC plugin <= 1.3.7 versions. | https://nvd.nist.gov/vuln/detail/CVE-2023-38384
CVE-2023-4219 | A vulnerability was found in SourceCodester Doctors Appointment System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument useremail leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236365 was assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-4219
CVE-2023-24698 | Insufficient parameter validation in the Foswiki::Sandbox component of Foswiki v2.1.7 and below allows attackers to perform a directory traversal via supplying a crafted web request. | https://nvd.nist.gov/vuln/detail/CVE-2023-24698
CVE-2023-2423 | A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations. | https://nvd.nist.gov/vuln/detail/CVE-2023-2423
CVE-2023-33756 | An issue in the SpreadSheetPlugin component of Foswiki v2.1.7 and below allows attackers to execute a directory traversal. | https://nvd.nist.gov/vuln/detail/CVE-2023-33756
CVE-2023-36136 | PHPJabbers Class Scheduling System 1.0 lacks encryption on the password when editing a user account (update user page) allowing an attacker to capture all user names and passwords in clear text. | https://nvd.nist.gov/vuln/detail/CVE-2023-36136
CVE-2023-36306 | A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary code via the asktheoracle.php, details.php, index.php, search.php, export.php, reports.php, and statistics.php components. | https://nvd.nist.gov/vuln/detail/CVE-2023-36306
CVE-2023-38758 | Cross Site Scripting vulnerability in wger Project wger Workout Manager v.2.2.0a3 allows a remote attacker to gain privileges via the license_author field in the add-ingredient function in the templates/ingredients/view.html, models/ingredients.py, and views/ingredients.py components. | https://nvd.nist.gov/vuln/detail/CVE-2023-38758
CVE-2023-38759 | Cross Site Request Forgery (CSRF) vulnerability in wger Project wger Workout Manager 2.2.0a3 allows a remote attacker to gain privileges via the user-management feature in the gym/views/gym.py, templates/gym/reset_user_password.html, templates/user/overview.html, core/views/user.py, and templates/user/preferences.html, core/forms.py components. | https://nvd.nist.gov/vuln/detail/CVE-2023-38759
CVE-2023-38760 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the role and gender parameters within the /QueryView.php component. | https://nvd.nist.gov/vuln/detail/CVE-2023-38760
CVE-2023-38761 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the systemSettings.php component. | https://nvd.nist.gov/vuln/detail/CVE-2023-38761
CVE-2023-38762 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the friendmonths parameter within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38762
CVE-2023-38763 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the FundRaiserID parameter within the /FundRaiserEditor.php endpoint. | https://nvd.nist.gov/vuln/detail/CVE-2023-38763
CVE-2023-38764 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the birthmonth and percls parameters within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38764
CVE-2023-38765 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the membermonth parameter within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38765
CVE-2023-38766 | Cross Site Scripting (XSS) vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to execute arbitrary code via a crafted payload to the PersonView.php component. | https://nvd.nist.gov/vuln/detail/CVE-2023-38766
CVE-2023-38767 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the 'value' and 'custom' parameters within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38767
CVE-2023-38768 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the PropertyID parameter within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38768
CVE-2023-38769 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the searchstring and searchwhat parameters within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38769
CVE-2023-38770 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the group parameter within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38770
CVE-2023-38771 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp parameter within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38771
CVE-2023-38773 | SQL injection vulnerability in ChurchCRM v.5.0.0 allows a remote attacker to obtain sensitive information via the volopp1 and volopp2 parameters within the /QueryView.php. | https://nvd.nist.gov/vuln/detail/CVE-2023-38773
CVE-2023-37646 | An issue in the CAB file extraction function of Bitberry File Opener v23.0 allows attackers to execute a directory traversal. | https://nvd.nist.gov/vuln/detail/CVE-2023-37646
CVE-2023-39532 | SES is a JavaScript environment that allows safe execution of arbitrary programs in Compartments. In version 0.18.0 prior to 0.18.7, 0.17.0 prior to 0.17.1, 0.16.0 prior to 0.16.1, 0.15.0 prior to 0.15.24, 0.14.0 prior to 0.14.5, and 0.13.0 prior to 0.13.5, there is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. A guest program running inside a Compartment with as few as no endowments can gain access to the surrounding host’s dynamic import by using dynamic import after the spread operator, like `{...import(arbitraryModuleSpecifier)}`. On the web or in web extensions, a Content-Security-Policy following ordinary best practices likely mitigates both the risk of exfiltration and execution of arbitrary code, at least limiting the modules that the attacker can import to those that are already part of the application. However, without a Content-Security-Policy, dynamic import can be used to issue HTTP requests for either communication through the URL or for the execution of code reachable from that origin. Within an XS worker, an attacker can use the host’s module system to the extent that the host has been configured. This typically only allows access to module code on the host’s file system and is of limited use to an attacker. Within Node.js, the attacker gains access to Node.js’s module system. Importing the powerful builtins is not useful except insofar as there are side-effects and tempered because dynamic import returns a promise. Spreading a promise into an object renders the promises useless. However, Node.js allows importing data URLs, so this is a clear path to arbitrary execution. Versions 0.18.7, 0.17.1, 0.16.1, 0.15.24, 0.14.5, and 0.13.5 contain a patch for this issue. Some workarounds are available. On the web, providing a suitably constrained Content-Security-Policy mitigates most of the threat. With XS, building a binary that lacks the ability to load modules at runtime mitigates the entirety of the threat. That will look like an implementation of `fxFindModule` in a file like `xsPlatform.c` that calls `fxRejectModuleFile`. | https://nvd.nist.gov/vuln/detail/CVE-2023-39532
CVE-2023-20555 | Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | https://nvd.nist.gov/vuln/detail/CVE-2023-20555
CVE-2023-20556 | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary buffer potentially resulting in a Windows crash leading to denial of service. | https://nvd.nist.gov/vuln/detail/CVE-2023-20556
CVE-2023-20561 | Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD μProf may allow an authenticated user to send an arbitrary address potentially resulting in a Windows crash leading to denial of service. | https://nvd.nist.gov/vuln/detail/CVE-2023-20561
CVE-2023-20562 | Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD uProf may allow an authenticated user to load an unsigned driver potentially leading to arbitrary kernel execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-20562
CVE-2023-20569 | A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled address, potentially leading to information disclosure. | https://nvd.nist.gov/vuln/detail/CVE-2023-20569
CVE-2023-20586 | A potential vulnerability was reported in Radeon™ Software Crimson ReLive Edition which may allow escalation of privilege. Radeon™ Software Crimson ReLive Edition falls outside of the security support lifecycle and AMD does not plan to release any mitigations. | https://nvd.nist.gov/vuln/detail/CVE-2023-20586
CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | https://nvd.nist.gov/vuln/detail/CVE-2023-20588
CVE-2023-20589 | An attacker with specialized hardware and physical access to an impacted device may be able to perform a voltage fault injection attack resulting in compromise of the ASP secure boot potentially leading to arbitrary code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-20589
CVE-2023-36532 | Buffer overflow in Zoom Clients before 5.14.5 may allow an unauthenticated user to enable a denial of service via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-36532
CVE-2023-36533 | Uncontrolled resource consumption in Zoom SDKs before 5.14.7 may allow an unauthenticated user to enable a denial of service via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-36533
CVE-2023-36534 | Path traversal in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-36534
CVE-2023-36535 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow an authenticated user to enable information disclosure via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-36535
CVE-2023-36540 | Untrusted search path in the installer for Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via local access. | https://nvd.nist.gov/vuln/detail/CVE-2023-36540
CVE-2023-36541 | Insufficient verification of data authenticity in Zoom Desktop Client for Windows before 5.14.5 may allow an authenticated user to enable an escalation of privilege via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-36541
CVE-2023-39216 | Improper input validation in Zoom Desktop Client for Windows before 5.14.7 may allow an unauthenticated user to enable an escalation of privilege via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39216
CVE-2023-39217 | Improper input validation in Zoom SDKs before 5.14.10 may allow an unauthenticated user to enable a denial of service via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39217
CVE-2023-39218 | Client-side enforcement of server-side security in Zoom clients before 5.14.10 may allow a privileged user to enable information disclosure via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39218
CVE-2023-39342 | Dangerzone is software for converting potentially dangerous PDFs, office documents, or images to safe PDFs. The Dangerzone CLI (`dangerzone-cli` command) logs output from the container where the file sanitization takes place, to the user's terminal. Prior to version 0.4.2, if the container is compromised and can return attacker-controlled strings, then the attacker may be able to spoof messages in the user's terminal or change the window title. Besides logging output from containers, it also logs the names of the files it sanitizes. If these files contain ANSI escape sequences, then the same issue applies. Dangerzone is predominantly a GUI application, so this issue should leave most of our users unaffected. Nevertheless, we always suggest updating to the newest version. This issue is fixed in Dangerzone 0.4.2. | https://nvd.nist.gov/vuln/detail/CVE-2023-39342
CVE-2023-3894 | Those using jackson-dataformats-text to parse TOML data may be vulnerable to Denial of Service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial of service attack. | https://nvd.nist.gov/vuln/detail/CVE-2023-3894
CVE-2023-39518 | social-media-skeleton is an uncompleted social media project implemented using PHP, MySQL, CSS, JavaScript, and HTML. Versions 1.0.0 until 1.0.3 have a stored cross-site scripting vulnerability. The problem is patched in v1.0.3. | https://nvd.nist.gov/vuln/detail/CVE-2023-39518
CVE-2023-39533 | go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1, a malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-39533
CVE-2023-40041 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setWiFiWpsConfig in /lib/cste_modules/wps.so. Attackers can send crafted data in an MQTT packet, via the pin parameter, to control the return address and execute code. | https://nvd.nist.gov/vuln/detail/CVE-2023-40041
CVE-2023-40042 | TOTOLINK T10_v2 5.9c.5061_B20200511 has a stack-based buffer overflow in setStaticDhcpConfig in /lib/cste_modules/lan.so. Attackers can send crafted data in an MQTT packet, via the comment parameter, to control the return address and execute code. | https://nvd.nist.gov/vuln/detail/CVE-2023-40042
CVE-2023-26961 | Alteryx Server 2022.1.1.42590 does not employ file type verification for uploaded files. This vulnerability allows attackers to upload arbitrary files by changing the extension of the uploaded file. | https://nvd.nist.gov/vuln/detail/CVE-2023-26961
CVE-2023-36344 | An issue in Diebold Nixdorf Vynamic View Console v.5.3.1 and before allows a local attacker to execute arbitrary code via not restricting the search path for required DLLs and not verifying the signature. | https://nvd.nist.gov/vuln/detail/CVE-2023-36344
CVE-2023-36482 | An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. | https://nvd.nist.gov/vuln/detail/CVE-2023-36482
CVE-2023-39086 | ASUS RT-AC66U B1 3.0.0.4.286_51665 was discovered to transmit sensitive information in cleartext. | https://nvd.nist.gov/vuln/detail/CVE-2023-39086
CVE-2023-39209 | Improper input validation in Zoom Desktop Client for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39209
CVE-2023-39210 | Cleartext storage of sensitive information in Zoom Client SDK for Windows before 5.15.0 may allow an authenticated user to enable an information disclosure via local access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39210
CVE-2023-39211 | Improper privilege management in Zoom Desktop Client for Windows and Zoom Rooms for Windows before 5.15.5 may allow an authenticated user to enable an information disclosure via local access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39211
CVE-2023-39212 | Untrusted search path in Zoom Rooms for Windows before version 5.15.5 may allow an authenticated user to enable a denial of service via local access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39212
CVE-2023-39213 | Improper neutralization of special elements in Zoom Desktop Client for Windows and Zoom VDI Client before 5.15.2 may allow an unauthenticated user to enable an escalation of privilege via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39213
CVE-2023-39214 | Exposure of sensitive information in Zoom Client SDKs before 5.15.5 may allow an authenticated user to enable a denial of service via network access. | https://nvd.nist.gov/vuln/detail/CVE-2023-39214
CVE-2023-39951 | OpenTelemetry Java Instrumentation provides OpenTelemetry auto-instrumentation and instrumentation libraries for Java. OpenTelemetry Java Instrumentation prior to version 1.28.0 contains an issue related to the instrumentation of Java applications using the AWS SDK v2 with Amazon Simple Email Service (SES) v1 API. When SES POST requests are instrumented, the query parameters of the request are inserted into the trace `url.path` field. This behavior leads to the http body, containing the email subject and message, to be present in the trace request url metadata. Any user using a version before 1.28.0 of OpenTelemetry Java Instrumentation to instrument AWS SDK v2 call to SES’s v1 SendEmail API is affected. The e-mail content sent to SES may end up in telemetry backend. This exposes the e-mail content to unintended audiences. The issue can be mitigated by updating OpenTelemetry Java Instrumentation to version 1.28.0 or later. | https://nvd.nist.gov/vuln/detail/CVE-2023-39951