Security Bulletin 20 Sep 2023

Published on 20 Sep 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:


Criticalvulnerabilities with a base score of 9.0 to 10.0
Highvulnerabilities with a base score of 7.0 to 8.9
Mediumvulnerabilities with a base score of 4.0 to 6.9
Lowvulnerabilities with a base score of 0.1 to 3.9
Nonevulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2023-39967WireMock is a tool for mocking HTTP services. When certain request URLs like “@127.0.0.1:1234" are used in WireMock Studio configuration fields, the request might be forwarded to an arbitrary service reachable from WireMock’s instance. There are 3 identified potential attack vectors: via “TestRequester” functionality, webhooks and the proxy mode. As we can control HTTP Method, HTTP Headers, HTTP Data, it allows sending requests with the default level of credentials for the WireMock instance. The vendor has discontinued the affected Wiremock studio product and there will be no fix. Users are advised to find alternatives.10https://nvd.nist.gov/vuln/detail/CVE-2023-39967
CVE-2023-4662Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9.\n\n10https://nvd.nist.gov/vuln/detail/CVE-2023-4662
CVE-2023-40622SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, under certain condition allows an authenticated attacker to view sensitive information which is otherwise restricted. On successful exploitation, the attacker can completely compromise the application causing high impact on confidentiality, integrity, and availability.\n\n9.9https://nvd.nist.gov/vuln/detail/CVE-2023-40622
CVE-2023-4994The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-4994
CVE-2016-5180Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-5180
CVE-2017-15095A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.9.8https://nvd.nist.gov/vuln/detail/CVE-2017-15095
CVE-2018-20396NET&SYS MNG2120J 5.76.1006c and MNG6300 5.83.6305jrc2 devices allow remote attackers to discover credentials via iso.3.6.1.4.1.4491.2.4.1.1.6.1.1.0 and iso.3.6.1.4.1.4491.2.4.1.1.6.1.2.0 SNMP requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-20396
CVE-2018-14718FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-14718
CVE-2018-14719FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deserialization.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-14719
CVE-2019-14379SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14379
CVE-2019-14540A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariConfig.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14540
CVE-2019-16335A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDataSource. This is a different vulnerability than CVE-2019-14540.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-16335
CVE-2019-16943A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the p6spy (3.8.6) jar in the classpath, and an attacker can find an RMI service endpoint to access, it is possible to make the service execute a malicious payload. This issue exists because of com.p6spy.engine.spy.P6DataSource mishandling.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-16943
CVE-2019-17267A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to net.sf.ehcache.hibernate.EhcacheJtaTransactionManagerLookup.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-17267
CVE-2019-17531A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.0.0 through 2.9.10. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the apache-log4j-extra (version 1.2.x) jar in the classpath, and an attacker can provide a JNDI service to access, it is possible to make the service execute a malicious payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-17531
CVE-2019-20330FasterXML jackson-databind 2.x before 2.9.10.2 lacks certain net.sf.ehcache blocking.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-20330
CVE-2020-9547FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.ibatis.sqlmap.engine.transaction.jta.JtaTransactionConfig (aka ibatis-sqlmap).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9547
CVE-2020-9548FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9548
CVE-2019-14892A flaw was discovered in jackson-databind in versions before 2.9.10, 2.8.11.5 and 2.6.7.3, where it would permit polymorphic deserialization of a malicious object using commons-configuration 1 and 2 JNDI classes. An attacker could use this flaw to execute arbitrary code.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-14892
CVE-2020-13927The previous default setting for Airflow's Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been changed to deny all requests by default and is documented at https://airflow.apache.org/docs/1.10.11/security.html#api-authentication. Note this change fixes it for new installs but existing users need to change their config to default `[api]auth_backend = airflow.api.auth.backend.deny_all` as mentioned in the Updating Guide: https://github.com/apache/airflow/blob/1.10.11/UPDATING.md#experimental-api-will-deny-all-request-by-default9.8https://nvd.nist.gov/vuln/detail/CVE-2020-13927
CVE-2022-24568Novel-plus v3.6.0 was discovered to be vulnerable to Server-Side Request Forgery (SSRF) via user-supplied crafted input.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-24568
CVE-2021-41921novel-plus V3.6.1 allows unrestricted file uploads. Unrestricted file suffixes and contents can lead to server attacks and arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-41921
CVE-2021-42967Unrestricted file upload in /novel-admin/src/main/java/com/java2nb/common/controller/FileController.java in novel-plus all versions allows allows an attacker to upload malicious JSP files.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42967
CVE-2022-35121Novel-Plus v3.6.1 was discovered to contain a SQL injection vulnerability via the keyword parameter at /service/impl/BookServiceImpl.java.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-35121
CVE-2022-36672Novel-Plus v3.6.2 was discovered to contain a hard-coded JWT key located in the project config file. This vulnerability allows attackers to create a custom user session.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36672
CVE-2022-23468xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a buffer over flow in xrdp_login_wnd_create() function. There are no known workarounds for this issue. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23468
CVE-2022-23477xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a buffer over flow in audin_send_open() function. There are no known workarounds for this issue. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23477
CVE-2022-23478xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a Out of Bound Write in xrdp_mm_trans_process_drdynvc_channel_open() function. There are no known workarounds for this issue. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23478
CVE-2022-23479xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a buffer over flow in xrdp_mm_chan_data_in() function. There are no known workarounds for this issue. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23479
CVE-2022-23480xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a buffer over flow in devredir_proc_client_devlist_announce_req() function. There are no known workarounds for this issue. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23480
CVE-2022-23484xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a Integer Overflow in xrdp_mm_process_rail_update_window_text() function. There are no known workarounds for this issue. Users are advised to upgrade.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23484
CVE-2022-45141Since the Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability was disclosed by Microsoft on Nov 8 2022 and per RFC8429 it is assumed that rc4-hmac is weak, Vulnerable Samba Active Directory DCs will issue rc4-hmac encrypted tickets despite the target server supporting better encryption (eg aes256-cts-hmac-sha1-96).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-45141
CVE-2023-1594A vulnerability, which was classified as critical, was found in novel-plus 3.6.2. Affected is the function MenuService of the file sys/menu/list. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-223662 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1594
CVE-2023-1606A vulnerability was found in novel-plus 3.6.2 and classified as critical. Affected by this issue is some unknown functionality of the file DictController.java. The manipulation of the argument orderby leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223736.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1606
CVE-2023-28879In Artifex Ghostscript through 10.01.0, there is a buffer overflow leading to potential corruption of data internal to the PostScript interpreter, in base/sbcp.c. This affects BCPEncode, BCPDecode, TBCPEncode, and TBCPDecode. If the write buffer is filled to one byte less than full, and one then tries to write an escaped character, two bytes are written.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-28879
CVE-2023-26068Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 2 of 4).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-26068
CVE-2023-23451The Flexi Classic and Flexi Soft Gateways SICK UE410-EN3 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN1 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN3S04 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK UE410-EN4 FLEXI ETHERNET GATEW. with serial number <=2311xxxx all Firmware versions, SICK FX0-GENT00000 FLEXISOFT EIP GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GMOD00000 FLEXISOFT MOD GATEW. with serial number <=2311xxxx with Firmware <=V2.11.0, SICK FX0-GPNT00000 FLEXISOFT PNET GATEW. with serial number <=2311xxxx with Firmware <=V2.12.0, SICK FX0-GENT00030 FLEXISOFT EIP GATEW.V2 with serial number <=2311xxxx all Firmware versions, SICK FX0-GPNT00030 FLEXISOFT PNET GATEW.V2 with serial number <=2311xxxx all Firmware versions and SICK FX0-GMOD00010 FLEXISOFT MOD GW with serial number <=2311xxxx with Firmware <=V2.11.0 all have Telnet enabled by factory default. No password is set in the default configuration.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-23451
CVE-2023-37466vm2 is an advanced vm/sandbox for Node.js. The library contains critical security issues and should not be used for production. The maintenance of the project has been discontinued. In vm2 for versions up to 3.9.19, `Promise` handler sanitization can be bypassed with the `@@species` accessor property allowing attackers to escape the sandbox and run arbitrary code, potentially allowing remote code execution inside the context of vm2 sandbox.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37466
CVE-2023-3695A vulnerability classified as critical has been found in Campcodes Beauty Salon Management System 1.0. Affected is an unknown function of the file add-product.php. The manipulation of the argument category leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-234252.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3695
CVE-2023-34478Apache Shiro, before 1.12.0 or 2.0.0-alpha-3, may be susceptible to a path traversal attack that results in an authentication bypass when used together with APIs or other web frameworks that route requests based on non-normalized requests.\n\nMitigation: Update to Apache Shiro 1.12.0+ or 2.0.0-alpha-3+\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-34478
CVE-2023-39551PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39551
CVE-2023-32560An attacker can send a specially crafted message to the Wavelink Avalanche Manager, which could result in service disruption or arbitrary code execution.\n\nThanks to a Researcher at Tenable for finding and reporting.\n\nFixed in version 6.4.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32560
CVE-2023-25775Improper access control in the Intel(R) Ethernet Controller RDMA driver for linux before version 1.9.30 may allow an unauthenticated user to potentially enable escalation of privilege via network access.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-25775
CVE-2023-32002The use of `Module._load()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32002
CVE-2023-38035A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38035
CVE-2020-22217Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-22217
CVE-2021-29390libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-29390
CVE-2021-32292An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32292
CVE-2022-48522In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48522
CVE-2023-41361An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41361
CVE-2023-36328Integer Overflow vulnerability in mp_grow in libtom libtommath before commit beba892bc0d4e4ded4d667ab1d2a94f4d75109a9, allows attackers to execute arbitrary code and cause a denial of service (DoS).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36328
CVE-2023-0925Version 10.11 of webMethods OneData runs an embedded instance of Azul Zulu Java 11.0.15 which hosts a Java RMI registry (listening on TCP port 2099 by default) and two RMI interfaces (listening on a single, dynamically assigned TCP high port).\r\n\r\nPort 2099 serves as a Java Remote Method Invocation (RMI) registry which allows for remotely loading and processing data via RMI interfaces. An unauthenticated attacker with network connectivity to the RMI registry and RMI interface ports can abuse this functionality to instruct the webMethods OneData application to load a malicious serialized Java object as a parameter to one of the available Java methods presented by the RMI interface. Once deserialized on the vulnerable server, the malicious code runs as whichever operating system account is used to run the software, which in most cases is the local System account on Windows.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-0925
CVE-2023-20238A vulnerability in the single sign-on (SSO) implementation of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an unauthenticated, remote attacker to forge the credentials required to access an affected system.\r\n\r This vulnerability is due to the method used to validate SSO tokens. An attacker could exploit this vulnerability by authenticating to the application with forged credentials. A successful exploit could allow the attacker to commit toll fraud or to execute commands at the privilege level of the forged account. If that account is an Administrator account, the attacker would have the ability to view confidential information, modify customer settings, or modify settings for other users. To exploit this vulnerability, the attacker would need a valid user ID that is associated with an affected Cisco BroadWorks system.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20238
CVE-2023-30908A remote authentication bypass issue exists in a OneView API.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30908
CVE-2023-42276hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonArray.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42276
CVE-2023-42277hutool v5.8.21 was discovered to contain a buffer overflow via the component jsonObject.putByPath.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42277
CVE-2023-4845A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4845
CVE-2023-4848A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4848
CVE-2023-4849A vulnerability, which was classified as critical, has been found in IBOS OA 4.5.5. Affected by this issue is some unknown functionality of the file ?r=file/dashboard/trash&op=del. The manipulation of the argument fids leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239258 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4849
CVE-2023-4850A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?r=dashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239259.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4850
CVE-2023-4851A vulnerability has been found in IBOS OA 4.5.5 and classified as critical. This vulnerability affects unknown code of the file ?r=dashboard/position/edit&op=member. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239260.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4851
CVE-2023-4852A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239261 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4852
CVE-2023-4866A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0 and classified as critical. This issue affects the function exec of the file booking.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239351.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4866
CVE-2023-4871A vulnerability classified as critical was found in SourceCodester Contact Manager App 1.0. This vulnerability affects unknown code of the file delete.php. The manipulation of the argument contact/contactName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239356.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4871
CVE-2023-4872A vulnerability, which was classified as critical, has been found in SourceCodester Contact Manager App 1.0. This issue affects some unknown processing of the file add.php. The manipulation of the argument contact/contactName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239357 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4872
CVE-2023-4873A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230906. Affected is an unknown function of the file /importexport.php. The manipulation of the argument sql leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-239358 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4873
CVE-2023-40039An issue was discovered on ARRIS TG852G, TG862G, and TG1672G devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40039
CVE-2023-42470The Imou Life com.mm.android.smartlifeiot application through 6.8.0 for Android allows Remote Code Execution via a crafted intent to an exported component. This relates to the com.mm.android.easy4ip.MainActivity activity. JavaScript execution is enabled in the WebView, and direct web content loading occurs.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42470
CVE-2023-42471The wave.ai.browser application through 1.0.35 for Android allows a remote attacker to execute arbitrary JavaScript code via a crafted intent. It contains a manifest entry that exports the wave.ai.browser.ui.splash.SplashScreen activity. This activity uses a WebView component to display web content and doesn't adequately validate or sanitize the URI or any extra data passed in the intent by a third party application (with no permissions).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42471
CVE-2023-36140In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing an attacker to gain access to all user accounts.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36140
CVE-2023-30058novel-plus 3.6.2 is vulnerable to SQL Injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30058
CVE-2020-19319Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the FILECODE parameter on login.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19319
CVE-2020-19320Buffer overflow vulnerability in DLINK 619L version B 2.06beta via the curTime parameter on login.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19320
CVE-2020-19559An issue in Diebold Aglis XFS for Opteva v.4.1.61.1 allows a remote attacker to execute arbitrary code via a crafted payload to the ResolveMethod() parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-19559
CVE-2023-31067An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\Clients\\www.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-31067
CVE-2023-31068An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\\TSplus\\UserDesktop\\themes.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-31068
CVE-2023-40150\n?The affected product does not perform an authentication check and performs some dangerous functionality, which could result in unauthenticated remote code execution.09.8https://nvd.nist.gov/vuln/detail/CVE-2023-40150
CVE-2023-40944Schoolmate 1.3 is vulnerable to SQL Injection in the variable $schoolname from Database at ~\\header.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40944
CVE-2023-40945Sourcecodester Doctor Appointment System 1.0 is vulnerable to SQL Injection in the variable $userid at doctors\\myDetails.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40945
CVE-2023-40946Schoolmate 1.3 is vulnerable to SQL Injection in the variable $username from SESSION in ValidateLogin.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40946
CVE-2023-35681In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35681
CVE-2023-4897Relative Path Traversal in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4897
CVE-2023-39069An issue in StrangeBee TheHive v.5.0.8, v.4.1.21 and Cortex v.3.1.6 allows a remote attacker to gain privileges via Active Directory authentication mechanism.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39069
CVE-2023-40309SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong authorization checks for an authenticated user, resulting in escalation of privileges. Depending on the application and the level of privileges acquired, an attacker could abuse functionality restricted to a particular user group as well as read, modify or delete restricted data.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40309
CVE-2023-39637D-Link DIR-816 A2 1.10 B05 was discovered to contain a command injection vulnerability via the component /goform/Diagnosis.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39637
CVE-2023-39150ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39150
CVE-2023-2071\nRockwell Automation FactoryTalk View Machine Edition on the PanelView Plus, improperly verifies user’s input, which allows unauthenticated attacker to achieve remote code executed via crafted malicious packets.  The device has the functionality, through a CIP class, to execute exported functions from libraries.  There is a routine that restricts it to execute specific functions from two dynamic link library files.  By using a CIP class, an attacker can upload a self-made library to the device which allows the attacker to bypass the security check and execute any code written in the function.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2071
CVE-2023-40834OpenCart v4.0.2.2 is vulnerable to Brute Force Attack.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40834
CVE-2023-40784DedeCMS 5.7.102 has a File Upload vulnerability via uploads/dede/module_make.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40784
CVE-2023-29332Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-29332
CVE-2023-36758Visual Studio Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36758
CVE-2023-36765Microsoft Office Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36765
CVE-2023-4501User authentication with username and password credentials is ineffective in OpenText (Micro Focus) Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server (including product variants such as Enterprise Test Server), versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and 9.0 patch update 1, when LDAP-based authentication is used with certain configurations. When the vulnerability is active, authentication succeeds with any valid username, regardless of whether the password is correct; it may also succeed with an invalid username (and any password). This allows an attacker with access to the product to impersonate any user.\n\nMitigations: The issue is corrected in the upcoming patch update for each affected product. Product overlays and workaround instructions are available through OpenText Support. The vulnerable configurations are believed to be uncommon.\n\nAdministrators can test for the vulnerability in their installations by attempting to sign on to a Visual COBOL or Enterprise Server component such as ESCWA using a valid username and incorrect password.\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4501
CVE-2023-3710Improper Input Validation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Command Injection.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3710
CVE-2023-41331SOFARPC is a Java RPC framework. Versions prior to 5.11.0 are vulnerable to remote command execution. Through a carefully\ncrafted payload, an attacker can achieve JNDI injection or system command execution. In the default configuration of the SOFARPC framework, a blacklist is used to filter out dangerous classes encountered during the deserialization process. However, the blacklist is not comprehensive, and an actor can exploit certain native JDK classes and common third-party packages to construct gadget chains capable of achieving JNDI injection or system command execution attacks. Version 5.11.0 contains a fix for this issue. As a workaround, users can add `-Drpc_serialize_blacklist_override=javax.sound.sampled.AudioFileFormat` to the blacklist.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41331
CVE-2023-39073An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain senstive information via a crafted request.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39073
CVE-2023-3935A heap buffer overflow vulnerability in Wibu CodeMeter Runtime network service up to version 7.60b allows an unauthenticated, remote attacker to achieve RCE and gain full access of the host system.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3935
CVE-2023-41892Craft CMS is a platform for creating digital experiences. This is a high-impact, low-complexity attack vector. Users running Craft installations before 4.4.15 are encouraged to update to at least that version to mitigate the issue. This issue has been fixed in Craft CMS 4.4.15.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41892
CVE-2023-38204Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user interaction.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38204
CVE-2023-30909A remote authentication bypass issue exists in some\nOneView APIs.\n\n\n\n\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30909
CVE-2023-4832Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aceka Company Management allows SQL Injection.This issue affects Company Management: before 3072 .\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4832
CVE-2023-41011Command Execution vulnerability in China Mobile Communications China Mobile Intelligent Home Gateway v.HG6543C4 allows a remote attacker to execute arbitrary code via the shortcut_telnet.cg component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41011
CVE-2023-4766Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Movus allows SQL Injection.This issue affects Movus: before 20230913.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4766
CVE-2023-37755i-doit pro 25 and below and I-doit open 25 and below are configured with insecure default administrator credentials, and there is no warning or prompt to ask users to change the default password and account name. Unauthenticated attackers can exploit this vulnerability to obtain Administrator privileges, resulting in them being able to perform arbitrary system operations or cause a Denial of Service (DoS).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37755
CVE-2023-4702Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4702
CVE-2023-4972Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users.This issue affects .\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4972
CVE-2023-38912SQL injection vulnerability in Super Store Finder PHP Script v.3.6 allows a remote attacker to execute arbitrary code via a crafted payload to the username parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38912
CVE-2023-42405SQL injection vulnerability in FIT2CLOUD RackShift v1.7.1 allows attackers to execute arbitrary code via the `sort` parameter to taskService.list(), bareMetalService.list(), and switchService.list().9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42405
CVE-2023-39639LeoTheme leoblog up to v3.1.2 was discovered to contain a SQL injection vulnerability via the component LeoBlogBlog::getListBlogs.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39639
CVE-2023-39642Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display().9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39642
CVE-2023-36657An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Built-in features of Windows (desktop shortcuts, narrator) can be abused for privilege escalation.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36657
CVE-2023-36659An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. Long inputs were not properly processed, which allows remote attackers to cause a denial of service (loss of communication).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36659
CVE-2023-4673Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 .\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4673
CVE-2023-4830Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.This issue affects Signalix: 7T_0228.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4830
CVE-2023-4231Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before 4.09.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4231
CVE-2023-4670Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection.This issue affects Probbys: before 2.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4670
CVE-2023-4831Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: before 20230914 .\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4831
CVE-2023-4661Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4661
CVE-2023-4833Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.This issue affects Network Marketing Software: before 1.0.2309.6.\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4833
CVE-2023-4835Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.This issue affects Oil Management Software: before 20230912 .\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4835
CVE-2023-5034A vulnerability classified as problematic was found in SourceCodester My Food Recipe 1.0. This vulnerability affects unknown code of the file index.php of the component Image Upload Handler. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239878 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5034
CVE-2023-42359SQL injection vulnerability in Exam Form Submission in PHP with Source Code v.1.0 allows a remote attacker to escalate privileges via the val-username parameter in /index.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42359
CVE-2023-33831A remote command execution (RCE) vulnerability in the /api/runscript endpoint of FUXA 1.1.13 allows attackers to execute arbitrary commands via a crafted POST request.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33831
CVE-2022-28357NATS nats-server 2.2.0 through 2.7.4 allows directory traversal because of an unintended path to a management action from a management account.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-28357
CVE-2023-36735Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability9.6https://nvd.nist.gov/vuln/detail/CVE-2023-36735
CVE-2022-23481xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a Out of Bound Read in xrdp_caps_process_confirm_active() function. There are no known workarounds for this issue. Users are advised to upgrade.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23481
CVE-2022-23482xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a Out of Bound Read in xrdp_sec_process_mcs_data_CS_CORE() function. There are no known workarounds for this issue. Users are advised to upgrade.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23482
CVE-2022-23483xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a Out of Bound Read in libxrdp_send_to_channel() function. There are no known workarounds for this issue. Users are advised to upgrade.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23483
CVE-2022-23493xrdp is an open source project which provides a graphical login to remote machines using Microsoft Remote Desktop Protocol (RDP).\nxrdp < v0.9.21 contain a Out of Bound Read in xrdp_mm_trans_process_drdynvc_channel_close() function. There are no known workarounds for this issue. Users are advised to upgrade.9.1https://nvd.nist.gov/vuln/detail/CVE-2022-23493
CVE-2023-38426An issue was discovered in the Linux kernel before 6.3.4. ksmbd has an out-of-bounds read in smb2_find_context_vals when create_context's name_len is larger than the tag length.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-38426
CVE-2023-41360An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c can read the initial byte of the ORF header in an ahead-of-stream situation.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-41360
CVE-2023-20269A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or an authenticated, remote attacker to establish a clientless SSL VPN session with an unauthorized user.\r\n\r This vulnerability is due to improper separation of authentication, authorization, and accounting (AAA) between the remote access VPN feature and the HTTPS management and site-to-site VPN features. An attacker could exploit this vulnerability by specifying a default connection profile/tunnel group while conducting a brute force attack or while establishing a clientless SSL VPN session using valid credentials. A successful exploit could allow the attacker to achieve one or both of the following:\r\n\r \r Identify valid credentials that could then be used to establish an unauthorized remote access VPN session.\r Establish a clientless SSL VPN session (only when running Cisco ASA Software Release 9.16 or earlier).\r \r Notes:\r\n\r \r Establishing a client-based remote access VPN tunnel is not possible as these default connection profiles/tunnel groups do not and cannot have an IP address pool configured.\r This vulnerability does not allow an attacker to bypass authentication. To successfully establish a remote access VPN session, valid credentials are required, including a valid second factor if multi-factor authentication (MFA) is configured.\r \r Cisco will release software updates that address this vulnerability. There are workarounds that address this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-20269
CVE-2023-41256\nDover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 are vulnerable to authentication bypass that could allow an unauthorized attacker to obtain user access.\n\n9.1https://nvd.nist.gov/vuln/detail/CVE-2023-41256

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2017-18376An improper authorization check in the User API in TheHive before 2.13.4 and 3.x before 3.3.1 allows users with read-only or read/write access to escalate their privileges to the administrator's privileges. This affects app/controllers/UserCtrl.scala.8.8https://nvd.nist.gov/vuln/detail/CVE-2017-18376
CVE-2019-20393A double-free is present in libyang before v1.0-r1 in the function yyparse() when an empty description is used. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-20393
CVE-2019-20394A double-free is present in libyang before v1.0-r3 in the function yyparse() when a type statement in used in a notification statement. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-20394
CVE-2019-20397A double-free is present in libyang before v1.0-r1 in the function yyparse() when an organization field is not terminated. Applications that use libyang to parse untrusted input yang files may be vulnerable to this flaw, which would cause a crash or potentially code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2019-20397
CVE-2020-10673FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-10673
CVE-2020-11978An issue was found in Apache Airflow versions 1.10.10 and below. A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow which would allow any authenticated user to run arbitrary commands as the user running airflow worker/scheduler (depending on the executor in use). If you already have examples disabled by setting load_examples=False in the config then you are not vulnerable.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-11978
CVE-2021-29108There is an privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In addition patching, Esri also strongly recommends as best practice for SAML assertions to be signed and encrypted.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-29108
CVE-2020-25718A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). This would allow an RODC to print administrator tickets.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-25718
CVE-2020-25722Multiple flaws were found in the way samba AD DC implemented access and conformance checking of stored data. An attacker could use this flaw to cause total domain compromise.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-25722
CVE-2021-44142The Samba vfs_fruit module uses extended file attributes (EA, xattr) to provide "...enhanced compatibility with Apple SMB clients and interoperability with a Netatalk 3 AFP fileserver." Samba versions prior to 4.13.17, 4.14.12 and 4.15.5 with vfs_fruit configured allow out-of-bounds heap read and write via specially crafted extended file attributes. A remote attacker with write access to extended file attributes can execute arbitrary code with the privileges of smbd, typically root.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-44142
CVE-2021-3738In DCE/RPC it is possible to share the handles (cookies for resource state) between multiple connections via a mechanism called 'association groups'. These handles can reference connections to our sam.ldb database. However while the database was correctly shared, the user credentials state was only pointed at, and when one connection within that association group ended, the database would be left pointing at an invalid 'struct session_info'. The most likely outcome here is a crash, but it is possible that the use-after-free could instead allow different user state to be pointed at and this might allow more privileged access.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-3738
CVE-2020-25721Kerberos acceptors need easy access to stable AD identifiers (eg objectSid). Samba as an AD DC now provides a way for Linux applications to obtain a reliable SID (and samAccountName) in issued tickets.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-25721
CVE-2022-2031A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-2031
CVE-2022-32744A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users' passwords, enabling full domain takeover.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-32744
CVE-2022-0336The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as one added when a computer is joined to a domain. An attacker who has the ability to write to an account can exploit this to perform a denial-of-service attack by adding an SPN that matches an existing service. Additionally, an attacker who can intercept traffic can impersonate existing services, resulting in a loss of confidentiality and integrity.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-0336
CVE-2022-42928Certain types of allocations were missing annotations that, if the Garbage Collector was in a specific state, could have lead to memory corruption and a potentially exploitable crash. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42928
CVE-2022-42932Mozilla developers Ashley Hale and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 105 and Firefox ESR 102.3. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42932
CVE-2022-46881An optimization in WebGL was incorrect in some cases, and could have led to memory corruption and a potentially exploitable crash.\n*Note*: This advisory was added on December 13th, 2022 after we better understood the impact of the issue. The fix was included in the original release of Firefox 106. This vulnerability affects Firefox < 106, Firefox ESR < 102.6, and Thunderbird < 102.6.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46881
CVE-2022-42898PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42898
CVE-2023-1607A vulnerability was found in novel-plus 3.6.2. It has been classified as critical. This affects an unknown part of the file /common/sysFile/list. The manipulation of the argument sort leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-223737 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1607
CVE-2023-2039A vulnerability was found in novel-plus 3.6.2. It has been rated as critical. This issue affects some unknown processing of the file /author/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225917 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2039
CVE-2023-2040A vulnerability classified as critical has been found in novel-plus 3.6.2. Affected is an unknown function of the file /news/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225918 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2040
CVE-2023-2041A vulnerability classified as critical was found in novel-plus 3.6.2. Affected by this vulnerability is an unknown functionality of the file /category/list?limit=10&offset=0&order=desc. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2041
CVE-2023-33876A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15332 handles destroying annotations. Specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33876
CVE-2023-3807A vulnerability has been found in Campcodes Beauty Salon Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file edit_product.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-235075.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3807
CVE-2023-36255An issue in Eramba Limited Eramba Enterprise and Community edition v.3.19.1 allows a remote attacker to execute arbitrary code via the path parameter in the URL.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36255
CVE-2023-39417IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39417
CVE-2023-32004A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32004
CVE-2023-32006The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.\n\nThis vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and, 20.x.\n\nPlease note that at the time this CVE was issued, the policy is an experimental feature of Node.js.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32006
CVE-2023-4352Type confusion in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4352
CVE-2023-39975kdc/do_tgs_req.c in MIT Kerberos 5 (aka krb5) 1.21 before 1.21.2 has a double free that is reachable if an authenticated user can trigger an authorization-data handling failure. Incorrect data is copied from one ticket to another.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39975
CVE-2023-30079A stack overflow vulnerability exists in function read_file in atlibeconf/lib/getfilecontents.c in libeconf 0.5.1 allows attackers to cause a Denial of service or execute arbitrary code.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-30079
CVE-2023-4429Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4429
CVE-2023-4430Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4430
CVE-2023-4572Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4572
CVE-2023-4762Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4762
CVE-2023-4763Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4763
CVE-2023-4865A vulnerability has been found in SourceCodester Take-Note App 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239350 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4865
CVE-2023-4867A vulnerability was found in Xintian Smart Table Integrated Management System 5.6.9. It has been classified as critical. Affected is an unknown function of the file /SysManage/AddUpdateSites.aspx of the component Added Site Page. The manipulation of the argument TbxSiteName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239352.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4867
CVE-2023-4868A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file add.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239353 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4868
CVE-2023-4869A vulnerability was found in SourceCodester Contact Manager App 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file update.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-239354 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4869
CVE-2023-4816A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On (SSO) with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action (Accept, Release, and Clear) for another user and entering an arbitrary password in the holder action confirmation dialog box. Despite entering an arbitrary password in the confirmation box, the system will execute the selected holder action.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4816
CVE-2023-4582Due to large allocation checks in Angle for glsl shaders being too lenient a buffer overflow could have occured when allocating too much private shader memory on mac OS. \n*This bug only affects Firefox on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4582
CVE-2023-4584Memory safety bugs present in Firefox 116, Firefox ESR 102.14, Firefox ESR 115.1, Thunderbird 102.14, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4584
CVE-2023-4585Memory safety bugs present in Firefox 116, Firefox ESR 115.1, and Thunderbird 115.1. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4585
CVE-2023-3612Govee Home app has unprotected access to WebView component which can be opened by any app on the device. By sending an URL to a specially crafted site, the attacker can execute JavaScript in context of WebView or steal sensitive user data by displaying phishing content.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3612
CVE-2020-19318Buffer Overflow vulnerability in D-Link DIR-605L, hardware version AX, firmware version 1.17beta and below, allows authorized attackers execute arbitrary code via sending crafted data to the webserver service program.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-19318
CVE-2023-38829An issue in NETIS SYSTEMS WF2409E v.3.6.42541 allows a remote attacker to execute arbitrary code via the ping and traceroute functions of the diagnostic tools component in the admin management interface.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38829
CVE-2023-39780ASUS RT-AX55 v3.0.0.4.386.51598 was discovered to contain an authenticated command injection vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39780
CVE-2023-36497Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\ncould allow a guest user to elevate to admin privileges.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36497
CVE-2022-1415A flaw was found where some utility classes in Drools core did not use proper safeguards when deserializing data. This flaw allows an authenticated attacker to construct malicious serialized objects (usually called gadgets) and achieve code execution on the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-1415
CVE-2023-35658In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35658
CVE-2023-35673In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35673
CVE-2023-35684In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35684
CVE-2023-4899SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4899
CVE-2022-48475Buffer Overflow vulnerability in Control de Ciber version 1.650, in the printing function. Sending a modified request by the attacker could cause a Buffer Overflow when the adminitrator tries to accept or delete the print query created by the request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-48475
CVE-2023-37878Insecure default permissions in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37878
CVE-2023-37881Weak access control in Wing FTP Server (Admin Web Client) allows for privilege escalation.This issue affects Wing FTP Server: <= 7.2.0.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37881
CVE-2023-40726A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application server responds with sensitive information about the server. This could allow an attacker to directly access the database.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40726
CVE-2023-40730A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application lacks sufficient authorization checks. This could allow an attacker to access confidential information, perform administrative functions, or lead to a denial-of-service condition.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40730
CVE-2023-40731A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application allows users to upload arbitrary file types. This could allow an attacker to upload malicious files, that could potentially lead to code tampering.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40731
CVE-2023-4759Arbitrary File Overwrite in Eclipse JGit <= 6.6.0\n\nIn Eclipse JGit, all versions <= 6.6.0.202305301015-r, a symbolic link present in a specially crafted git repository can be used to write a file to locations outside the working tree when this repository is cloned with JGit to a case-insensitive filesystem, or when a checkout from a clone of such a repository is performed on a case-insensitive filesystem.\n\nThis can happen on checkout (DirCacheCheckout), merge (ResolveMerger via its WorkingTreeUpdater), pull (PullCommand using merge), and when applying a patch (PatchApplier). This can be exploited for remote code execution (RCE), for instance if the file written outside the working tree is a git filter that gets executed on a subsequent git command.\n\nThe issue occurs only on case-insensitive filesystems, like the default filesystems on Windows and macOS. The user performing the clone or checkout must have the rights to create symbolic links for the problem to occur, and symbolic links must be enabled in the git configuration.\n\nSetting git configuration option core.symlinks = false before checking out avoids the problem.\n\nThe issue was fixed in Eclipse JGit version 6.6.1.202309021850-r and 6.7.0.202309050840-r, available via Maven Central https://repo1.maven.org/maven2/org/eclipse/jgit/  and repo.eclipse.org https://repo.eclipse.org/content/repositories/jgit-releases/ .\n\n\nThe JGit maintainers would like to thank RyotaK for finding and reporting this issue.\n\n\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4759
CVE-2023-4863Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4863
CVE-2023-33136Azure DevOps Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33136
CVE-2023-36764Microsoft SharePoint Server Elevation of Privilege Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36764
CVE-2023-38146Windows Themes Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38146
CVE-2023-38147Windows Miracast Wireless Display Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38147
CVE-2023-38148Internet Connection Sharing (ICS) Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38148
CVE-2023-3711Session Fixation vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Session Credential Falsification through Prediction.This issue affects PM43 versions prior to P10.19.050004. Update to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3711
CVE-2023-4918A flaw was found in the Keycloak package, more specifically org.keycloak.userprofile. When a user registers itself through registration flow, the "password" and "password-confirm" field from the form will occur as regular user attributes. All users and clients with proper rights and roles are able to read users attributes, allowing a malicious user with minimal access to retrieve the users passwords in clear text, jeopardizing their environment.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4918
CVE-2023-4153The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3dev_save_ban_user_settings_callback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify the plugin settings to access the ban and unban functionality and set the role of the unbanned user.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4153
CVE-2023-4213The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.4.5. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for authenticated attackers with subscriber-level permissions or above to change user passwords and potentially take over administrator accounts.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4213
CVE-2023-4916The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.8. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4916
CVE-2022-35849An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiADC 7.1.0 through 7.1.1, 7.0.0 through 7.0.3, 6.2.0 through 6.2.5 and 6.1.0 all versions may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35849
CVE-2023-34984A protection mechanism failure in Fortinet FortiWeb 7.2.0 through 7.2.1, 7.0.0 through 7.0.6, 6.4.0 through 6.4.3, 6.3.6 through 6.3.23 allows attacker to execute unauthorized code or commands via specially crafted HTTP requests.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34984
CVE-2023-36634An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directory via specially crafted command arguments.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36634
CVE-2023-42180An arbitrary file upload vulnerability in the /user/upload component of lenosp 1.0-1.2.0 allows attackers to execute html code via a crafted JPG file.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-42180
CVE-2023-40868Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40868
CVE-2023-40955A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the select parameter in models/base_client.py component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40955
CVE-2023-40956A SQL injection vulnerability in Cloudroits Website Job Search v.15.0 allows a remote authenticated attacker to execute arbitrary code via the name parameter in controllers/main.py component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40956
CVE-2023-40957A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the request parameter in models/base_client.py component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40957
CVE-2023-40958A SQL injection vulnerability in Didotech srl Engineering & Lifecycle Management (aka pdm) v.14.0, v.15.0 and v.16.0 fixed in pdm-14.0.1.0.0, pdm-15.0.1.0.0, and pdm-16.0.1.0.0 allows a remote authenticated attacker to execute arbitrary code via the query parameter in models/base_client.py component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40958
CVE-2023-4665Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4665
CVE-2023-41349\nASUS router RT-AX88U has a vulnerability of using externally controllable format strings within its Advanced Open VPN function. An authenticated remote attacker can exploit the exported OpenVPN configuration to execute an externally-controlled format string attack, resulting in sensitivity information leakage, or forcing the device to reset and permanent denial of service.\n\n8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41349
CVE-2023-5036Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.15.1.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5036
CVE-2023-28840Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby, is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in dockerd and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code.\n\nThe overlay network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the u32 iptables extension provided by the xt_u32 kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nTwo iptables rules serve to filter incoming VXLAN datagrams with a VNI that corresponds to an encrypted network and discards unencrypted datagrams. The rules are appended to the end of the INPUT filter chain, following any rules that have been previously set by the system administrator. Administrator-set rules take precedence over the rules Moby sets to discard unencrypted VXLAN datagrams, which can potentially admit unencrypted datagrams that should have been discarded.\n\nThe injection of arbitrary Ethernet frames can enable a Denial of Service attack. A sophisticated attacker may be able to establish a UDP or TCP connection by way of the container’s outbound gateway that would otherwise be blocked by a stateful firewall, or carry out other escalations beyond simple injection by smuggling packets into the overlay network.\n\nPatches are available in Moby releases 23.0.3 and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\nSome workarounds are available. Close the VXLAN port (by default, UDP port 4789) to incoming traffic at the Internet boundary to prevent all VXLAN packet injection, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.8.7https://nvd.nist.gov/vuln/detail/CVE-2023-28840
CVE-2023-20243A vulnerability in the RADIUS message processing feature of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to cause the affected system to stop processing RADIUS packets.\r\n\r This vulnerability is due to improper handling of certain RADIUS accounting requests. An attacker could exploit this vulnerability by sending a crafted authentication request to a network access device (NAD) that uses Cisco ISE for authentication, authorization, and accounting (AAA). This would eventually result in the NAD sending a RADIUS accounting request packet to Cisco ISE. An attacker could also exploit this vulnerability by sending a crafted RADIUS accounting request packet to Cisco ISE directly if the RADIUS shared secret is known. A successful exploit could allow the attacker to cause the RADIUS process to unexpectedly restart, resulting in authentication or authorization timeouts and denying legitimate users access to the network or service. Clients already authenticated to the network would not be affected.\r\n\r Note: To recover the ability to process RADIUS packets, a manual restart of the affected Policy Service Node (PSN) may be required. For more information, see the Details ["#details"] section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-20243
CVE-2023-4576On Windows, an integer overflow could occur in `RecordedSourceSurfaceCreation` which resulted in a heap buffer overflow potentially leaking sensitive data that could have led to a sandbox escape.\n*This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-4576
CVE-2023-2680This CVE exists because of an incomplete fix for CVE-2021-3750. More specifically, the qemu-kvm package as released for Red Hat Enterprise Linux 9.1 via RHSA-2022:7967 included a version of qemu-kvm that was actually missing the fix for CVE-2021-3750.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-2680
CVE-2023-38557A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-38557
CVE-2018-5968FasterXML jackson-databind through 2.8.11 and 2.9.x through 2.9.3 allows unauthenticated remote code execution because of an incomplete fix for the CVE-2017-7525 and CVE-2017-17485 deserialization flaws. This is exploitable via two different gadgets that bypass a blacklist.8.1https://nvd.nist.gov/vuln/detail/CVE-2018-5968
CVE-2020-24616FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).8.1https://nvd.nist.gov/vuln/detail/CVE-2020-24616
CVE-2020-24750FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-24750
CVE-2020-36181FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.cpdsadapter.DriverAdapterCPDS.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36181
CVE-2020-36184FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.PerUserPoolDataSource.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36184
CVE-2020-36185FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.datasources.SharedPoolDataSource.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36185
CVE-2020-36186FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.PerUserPoolDataSource.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36186
CVE-2020-36187FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp.datasources.SharedPoolDataSource.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36187
CVE-2020-36188FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.JNDIConnectionSource.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36188
CVE-2020-36189FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36189
CVE-2020-36179FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.commons.dbcp.cpdsadapter.DriverAdapterCPDS.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36179
CVE-2020-36180FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36180
CVE-2020-36182FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.tomcat.dbcp.dbcp2.cpdsadapter.DriverAdapterCPDS.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36182
CVE-2020-36183FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.docx4j.org.apache.xalan.lib.sql.JNDIConnectionPool.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-36183
CVE-2021-20190A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.8.1https://nvd.nist.gov/vuln/detail/CVE-2021-20190
CVE-2020-25717A flaw was found in the way Samba maps domain users to local users. An authenticated attacker could use this flaw to cause possible privilege escalation.8.1https://nvd.nist.gov/vuln/detail/CVE-2020-25717
CVE-2022-32745A flaw was found in Samba. Samba AD users can cause the server to access uninitialized data with an LDAP add or modify the request, usually resulting in a segmentation fault.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-32745
CVE-2022-37966Windows Kerberos RC4-HMAC Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2022-37966
CVE-2022-38023Netlogon RPC Elevation of Privilege Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2022-38023
CVE-2022-42927A same-origin policy violation could have allowed the theft of cross-origin URL entries, leaking the result of a redirect, via `performance.getEntries()`. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-42927
CVE-2023-26067Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4).8.1https://nvd.nist.gov/vuln/detail/CVE-2023-26067
CVE-2023-32257A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_SESSION_SETUP and SMB2_LOGOFF commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-32257
CVE-2023-32258A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the processing of SMB2_LOGOFF and SMB2_CLOSE commands. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to execute code in the context of the kernel.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-32258
CVE-2023-4427Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4427
CVE-2023-4428Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4428
CVE-2023-4431Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4431
CVE-2023-4761Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4761
CVE-2023-41915OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41915
CVE-2022-23382Shenzhen Hichip Vision Technology IP Camera Firmware V11.4.8.1.1-20170926 has a denial of service vulnerability through sending a crafted multicast message in a local network.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-23382
CVE-2023-38155Azure DevOps Server Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-38155
CVE-2023-36744Microsoft Exchange Server Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2023-36744
CVE-2023-36745Microsoft Exchange Server Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2023-36745
CVE-2023-36756Microsoft Exchange Server Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2023-36756
CVE-2023-36757Microsoft Exchange Server Spoofing Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2023-36757
CVE-2023-4987A vulnerability, which was classified as critical, has been found in infinitietech taskhub 2.8.7. Affected by this issue is some unknown functionality of the file /home/get_tasks_list of the component GET Parameter Handler. The manipulation of the argument project/status/user_id/sort/search leads to sql injection. VDB-239798 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.8https://nvd.nist.gov/vuln/detail/CVE-2023-4987
CVE-2020-12762json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-12762
CVE-2022-31216Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31216
CVE-2022-31217Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31217
CVE-2022-31218Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31218
CVE-2022-31219Vulnerabilities in the Drive Composer allow a low privileged attacker to create and write to a file anywhere on the file system as SYSTEM with arbitrary content as long as the file does not already exist. The Drive Composer installer file allows a low-privileged user to run a "repair" operation on the product.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31219
CVE-2022-4510\nA path traversal vulnerability was identified in ReFirm Labs binwalk from version 2.1.2b through 2.3.3 included. By crafting a malicious PFS filesystem file, an attacker can get binwalk's PFS extractor to extract files at arbitrary locations when binwalk is run in extraction mode (-e option). Remote code execution can be achieved by building a PFS filesystem that, upon extraction, would extract a malicious binwalk module into the folder .config/binwalk/plugins.\n This vulnerability is associated with program files src/binwalk/plugins/unpfs.py.\n\nThis issue affects binwalk from 2.1.2b through 2.3.3 included.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4510
CVE-2023-25173containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well.\n\nThis bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue. Users who rely on a downstream application that uses containerd's client library should check that application for a separate advisory and instructions. As a workaround, ensure that the `"USER $USERNAME"` Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to `ENTRYPOINT ["su", "-", "user"]` to allow `su` to properly set up supplementary groups.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-25173
CVE-2023-28252Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-28252
CVE-2023-31284illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31284
CVE-2023-33551Heap Buffer Overflow in the erofsfsck_dirent_iter function in fsck/main.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33551
CVE-2023-33552Heap Buffer Overflow in the erofs_read_one_data function at data.c in erofs-utils v1.6 allows remote attackers to execute arbitrary code via a crafted erofs filesystem image.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-33552
CVE-2023-36664Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix).7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36664
CVE-2023-32664A type confusion vulnerability exists in the Javascript checkThisBox method as implemented in Foxit Reader 12.1.2.15332. Specially crafted Javascript code inside a malicious PDF document can cause memory corruption and lead to remote code execution. User would need to open a malicious file to trigger the vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32664
CVE-2023-4004A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4004
CVE-2023-38229Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38229
CVE-2023-4128A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4128
CVE-2020-21426Buffer Overflow vulnerability in function C_IStream::read in PluginEXR.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-21426
CVE-2020-21427Buffer Overflow vulnerability in function LoadPixelDataRLE8 in PluginBMP.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-21427
CVE-2020-21428Buffer Overflow vulnerability in function LoadRGB in PluginDDS.cpp in FreeImage 3.18.0 allows remote attackers to run arbitrary code and cause other impacts via crafted image file.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-21428
CVE-2020-22219Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-22219
CVE-2023-4733Use After Free in GitHub repository vim/vim prior to 9.0.1840.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4733
CVE-2023-4750Use After Free in GitHub repository vim/vim prior to 9.0.1857.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4750
CVE-2023-4752Use After Free in GitHub repository vim/vim prior to 9.0.1858.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4752
CVE-2023-20898Git Providers can read from the wrong environment because they get the same cache directory base name in Salt masters prior to 3005.2 or 3006.2. Anything that uses Git Providers with different environments can get garbage data or the wrong data, which can lead to wrongful data disclosure, wrongful executions, data corruption and/or crash.\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-20898
CVE-2021-43027Adobe After Effects versions 22.0 (and earlier) and 18.4.2 (and earlier) are affected by an out-of-bounds read vulnerability which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43027
CVE-2021-43753Adobe Lightroom versions 4.4 (and earlier) are affected by a use-after-free vulnerability in the processing of parsing TIF files that could result in privilege escalation. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-43753
CVE-2023-41064A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.6.9, macOS Big Sur 11.7.10, macOS Ventura 13.5.2, iOS 16.6.1 and iPadOS 16.6.1, iOS 15.7.9 and iPadOS 15.7.9. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41064
CVE-2023-4807Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications on the\nWindows 64 platform when running on newer X86_64 processors supporting the\nAVX512-IFMA instructions.\n\nImpact summary: If in an application that uses the OpenSSL library an attacker\ncan influence whether the POLY1305 MAC algorithm is used, the application\nstate might be corrupted with various application dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL does\nnot save the contents of non-volatile XMM registers on Windows 64 platform\nwhen calculating the MAC of data larger than 64 bytes. Before returning to\nthe caller all the XMM registers are set to zero rather than restoring their\nprevious content. The vulnerable code is used only on newer x86_64 processors\nsupporting the AVX512-IFMA instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However given the contents of the registers are just zeroized so\nthe attacker cannot put arbitrary values inside, the most likely consequence,\nif any, would be an incorrect result of some application dependent\ncalculations or a crash leading to a denial of service.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3 and a malicious client can influence whether this AEAD\ncipher is used by the server. This implies that server applications using\nOpenSSL can be potentially impacted. However we are currently not aware of\nany concrete application that would be affected by this issue therefore we\nconsider this a Low severity security issue.\n\nAs a workaround the AVX512-IFMA instructions support can be disabled at\nruntime by setting the environment variable OPENSSL_ia32cap:\n\n OPENSSL_ia32cap=:~0x200000\n\nThe FIPS provider is not affected by this issue.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4807
CVE-2023-38736IBM QRadar WinCollect Agent 10.0 through 10.1.6, when installed to run as ADMIN or SYSTEM, is vulnerable to a local escalation of privilege attack that a normal user could utilize to gain SYSTEM permissions. IBM X-Force ID: 262542.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38736
CVE-2019-16470Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-16470
CVE-2019-16471Adobe Acrobat Reader versions 2019.021.20056 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-16471
CVE-2022-28831Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28831
CVE-2022-28832Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28832
CVE-2022-28833Adobe InDesign versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28833
CVE-2022-28834Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28834
CVE-2022-28835Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an Use-After-Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28835
CVE-2022-28836Adobe InCopy versions 17.1 (and earlier) and 16.4.1 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28836
CVE-2022-34224Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34224
CVE-2022-34227Adobe Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 17.012.30229 (and earlier) are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34227
CVE-2020-24088An issue was discovered in MmMapIoSpace routine in Foxconn Live Update Utility 2.1.6.26, allows local attackers to escalate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2020-24088
CVE-2023-31468An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-31468
CVE-2023-39063Buffer Overflow vulnerability in RaidenFTPD 2.4.4005 allows a local attacker to execute arbitrary code via the Server name field of the Step by step setup wizard.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-39063
CVE-2023-39070An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-39070
CVE-2023-35665In multiple files, there is a possible way to import a contact from another user due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35665
CVE-2023-35666In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35666
CVE-2023-35667In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35667
CVE-2023-35669In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35669
CVE-2023-35670In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35670
CVE-2023-35674In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35674
CVE-2023-35676In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35676
CVE-2023-35682In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35682
CVE-2023-35687In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35687
CVE-2023-41990The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.2, iOS 15.7.8 and iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41990
CVE-2023-25519\nNVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnerability may lead to escalation of privileges.  \n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-25519
CVE-2023-3039\nSD ROM Utility, versions prior to 1.0.2.0 contain an Improper Access Control vulnerability. A low-privileged malicious user may potentially exploit this vulnerability to perform arbitrary code execution with limited access.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3039
CVE-2023-38070A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to stack-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20818)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38070
CVE-2023-38071A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20824)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38071
CVE-2023-38072A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20825)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38072
CVE-2023-38073A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20826)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38073
CVE-2023-38074A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a type confusion vulnerability while parsing WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-20840)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38074
CVE-2023-38075A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application contains a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-20842)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38075
CVE-2023-38076A vulnerability has been identified in JT2Go (All versions < V14.3.0.1), Teamcenter Visualization V13.3 (All versions < V13.3.0.12), Teamcenter Visualization V14.0 (All versions), Teamcenter Visualization V14.1 (All versions < V14.1.0.11), Teamcenter Visualization V14.2 (All versions < V14.2.0.6), Teamcenter Visualization V14.3 (All versions < V14.3.0.1). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21041)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38076
CVE-2023-40727A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application uses weak outdated application signing mechanism. This could allow an attacker to tamper the application code.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40727
CVE-2023-40728A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application stores sensitive application data in an external insecure storage. This could allow an attacker to alter content, leading to arbitrary code execution or denial-of-service condition.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40728
CVE-2023-41032A vulnerability has been identified in Parasolid V34.1 (All versions < V34.1.258), Parasolid V35.0 (All versions < V35.0.253), Parasolid V35.1 (All versions < V35.1.184), Parasolid V36.0 (All versions < V36.0.142). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21263)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41032
CVE-2023-41033A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.260), Parasolid V35.1 (All versions < V35.1.246), Parasolid V36.0 (All versions < V36.0.156). The affected application contains an out of bounds write past the end of an allocated structure while parsing specially crafted X_T files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21266)7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41033
CVE-2023-41846A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0002). The affected application is vulnerable to memory corruption while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41846
CVE-2023-34470\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the local network. A successful exploit of this vulnerability may lead to a loss of confidentiality, integrity and availability.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-34470
CVE-2023-35355Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-35355
CVE-2023-367393D Viewer Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36739
CVE-2023-367403D Viewer Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36740
CVE-2023-36742Visual Studio Code Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36742
CVE-2023-367603D Viewer Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36760
CVE-2023-367703D Builder Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36770
CVE-2023-367713D Builder Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36771
CVE-2023-367723D Builder Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36772
CVE-2023-367733D Builder Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36773
CVE-2023-36788.NET Framework Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36788
CVE-2023-36792Visual Studio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36792
CVE-2023-36793Visual Studio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36793
CVE-2023-36794Visual Studio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36794
CVE-2023-36796Visual Studio Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36796
CVE-2023-36802Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36802
CVE-2023-36804Windows GDI Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36804
CVE-2023-38139Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38139
CVE-2023-38141Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38141
CVE-2023-38142Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38142
CVE-2023-38143Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38143
CVE-2023-38144Windows Common Log File System Driver Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38144
CVE-2023-38150Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38150
CVE-2023-38161Windows GDI Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38161
CVE-2023-38163Windows Defender Attack Surface Reduction Security Feature Bypass7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38163
CVE-2023-3712Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit, ARM (Printer web page modules) allows Privilege Escalation.This issue affects PM43 versions prior to P10.19.050004. \n\nUpdate to the latest available firmware version of the respective printers to version MR19.5 (e.g. P10.19.050006).\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-3712
CVE-2023-4921A use-after-free vulnerability in the Linux kernel's net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nWhen the plug qdisc is used as a class of the qfq qdisc, sending network packets triggers use-after-free in qfq_dequeue() due to the incorrect .peek handler of sch_plug and lack of error checking in agg_dequeue().\n\nWe recommend upgrading past commit 8fc134fee27f2263988ae38920bc03da416b03d8.\n\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4921
CVE-2023-26369Acrobat Reader versions 23.003.20284 (and earlier), 20.005.30516 (and earlier) and 20.005.30514 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-26369
CVE-2023-36642An improper neutralization of special elements used in an OS command vulnerability [CWE-78] in the management interface of FortiTester 3.0.0 through 7.2.3 may allow an authenticated attacker to execute unauthorized commands via specifically crafted arguments to existing commands.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36642
CVE-2023-40717A use of hard-coded credentials vulnerability [CWE-798] in FortiTester 2.3.0 through 7.2.3 may allow an attacker who managed to get a shell on the device to access the database via shell commands.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40717
CVE-2023-4701A Improper Privilege Management vulnerability through an incorrect use of privileged APIs in CodeMeter Runtime versions prior to 7.60c allow a local, low privileged attacker to use an API call for escalation of privileges in order gain full admin access on the host system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4701
CVE-2023-20236A vulnerability in the iPXE boot function of Cisco IOS XR software could allow an authenticated, local attacker to install an unverified software image on an affected device.\r\n\r This vulnerability is due to insufficient image verification. An attacker could exploit this vulnerability by manipulating the boot parameters for image verification during the iPXE boot process on an affected device. A successful exploit could allow the attacker to boot an unverified software image on the affected device.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-20236
CVE-2023-41267In the Apache Airflow HDFS Provider, versions prior to 4.1.1, a documentation info pointed users to an install incorrect pip package. As this package name was unclaimed, in theory, an attacker could claim this package and provide code that would be executed when this package was installed. The Airflow team has since taken ownership of the package (neutralizing the risk), and fixed the doc strings in version 4.1.1\n7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41267
CVE-2023-36250CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36250
CVE-2023-36658An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36658
CVE-2023-41050AccessControl provides a general security framework for use in Zope. Python's "format" functionality allows someone controlling the format string to "read" objects accessible (recursively) via attribute access and subscription from accessible objects. Those attribute accesses and subscriptions use Python's full blown `getattr` and `getitem`, not the policy restricted `AccessControl` variants `_getattr_` and `_getitem_`. This can lead to critical information disclosure. `AccessControl` already provides a safe variant for `str.format` and denies access to `string.Formatter`. However, `str.format_map` is still unsafe. Affected are all users who allow untrusted users to create `AccessControl` controlled Python code and execute it. A fix has been introduced in versions 4.4, 5.8 and 6.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.7https://nvd.nist.gov/vuln/detail/CVE-2023-41050
CVE-2016-4992389 Directory Server in Red Hat Enterprise Linux Desktop 6 through 7, Red Hat Enterprise Linux HPC Node 6 through 7, Red Hat Enterprise Linux Server 6 through 7, and Red Hat Enterprise Linux Workstation 6 through 7 allows remote attackers to infer the existence of RDN component objects.7.5https://nvd.nist.gov/vuln/detail/CVE-2016-4992
CVE-2017-1000381The c-ares function `ares_parse_naptr_reply()`, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way.7.5https://nvd.nist.gov/vuln/detail/CVE-2017-1000381
CVE-2018-12022An issue was discovered in FasterXML jackson-databind prior to 2.7.9.4, 2.8.11.2, and 2.9.6. When Default Typing is enabled (either globally or for a specific property), the service has the Jodd-db jar (for database access for the Jodd framework) in the classpath, and an attacker can provide an LDAP service to access, it is possible to make the service execute a malicious payload.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-12022
CVE-2019-12086A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint, the service has the mysql-connector-java jar (8.0.14 or earlier) in the classpath, and an attacker can host a crafted MySQL server reachable by the victim, an attacker can send a crafted JSON message that allows them to read arbitrary local files on the server. This occurs because of missing com.mysql.cj.jdbc.admin.MiniAdmin validation.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-12086
CVE-2019-14439A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-14439
CVE-2021-23192A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request, and chose to fragment it, an attacker could replace later fragments with their own data, bypassing the signature requirements.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-23192
CVE-2022-28462novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-28462
CVE-2022-30333RARLAB UnRAR before 6.12 on Linux and UNIX allows directory traversal to write to files during an extract (aka unpack) operation, as demonstrated by creating a ~/.ssh/authorized_keys file. NOTE: WinRAR and Android RAR are unaffected.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-30333
CVE-2022-37237An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-37237
CVE-2022-36671Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the background file download API.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36671
CVE-2022-32743Samba does not validate the Validated-DNS-Host-Name right for the dNSHostName attribute which could permit unprivileged users to write it.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-32743
CVE-2022-3725Crash in the OPUS protocol dissector in Wireshark 3.6.0 to 3.6.8 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3725
CVE-2022-45061An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-45061
CVE-2022-23514Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah < 2.19.1 contains an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23514
CVE-2022-23516Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.2.0, < 2.19.1 uses recursion for sanitizing CDATA sections, making it susceptible to stack exhaustion and raising a SystemStackError exception. This may lead to a denial of service through CPU resource consumption. This issue is patched in version 2.19.1. Users who are unable to upgrade may be able to mitigate this vulnerability by limiting the length of the strings that are sanitized.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23516
CVE-2022-23517rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Certain configurations of rails-html-sanitizer < 1.4.4 use an inefficient regular expression that is susceptible to excessive backtracking when attempting to sanitize certain SVG attributes. This may lead to a denial of service through CPU resource consumption. This issue has been patched in version 1.4.4.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-23517
CVE-2022-3064Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-3064
CVE-2022-38112In DPA 2022.4 and older releases, generated heap memory dumps contain sensitive information in cleartext.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2022-38112
CVE-2022-4899A vulnerability was found in zstd v1.4.10, where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4899
CVE-2022-36440A reachable assertion was found in Frrouting frr-bgpd 8.3.0 in the peek_for_as4_capability function. Attackers can maliciously construct BGP open packets and send them to BGP peers running frr-bgpd, resulting in DoS.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-36440
CVE-2023-1992RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1992
CVE-2023-31490An issue found in Frrouting bgpd v.8.4.2 allows a remote attacker to cause a denial of service via the bgp_attr_psid_sub() function.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31490
CVE-2023-31861ZLMediaKit 4.0 is vulnerable to Directory Traversal.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31861
CVE-2023-2879GDSDB infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2879
CVE-2023-1999There exists a use after free/double free in libwebp. An attacker can use the ApplyFiltersAndEncode() function and loop through to free best.bw and assign best = trial pointer. The second loop will then return 0 because of an Out of memory error in VP8 encoder, the pointer is still assigned to trial and the AddressSanitizer will attempt a double free. \n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1999
CVE-2023-37464OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Tag provided in the JWE. The spec says that a fixed length of 16 octets must be applied. Therefore this bug allows an attacker to provide a truncated Authentication Tag and to modify the JWE accordingly. Users should upgrade to a version >= 0.6.2.2. Users unable to upgrade should avoid using AES GCM encryption and replace it with another encryption algorithm (e.g. AES CBC).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37464
CVE-2023-32247A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_SESSION_SETUP commands. The issue results from the lack of control of resource consumption. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32247
CVE-2023-32248A flaw was found in the Linux kernel's ksmbd, a high-performance in-kernel SMB server. The specific flaw exists within the handling of SMB2_TREE_CONNECT and SMB2_QUERY_INFO commands. The issue results from the lack of proper validation of a pointer prior to accessing it. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32248
CVE-2023-38207Adobe Commerce versions 2.4.6-p1 (and earlier), 2.4.5-p3 (and earlier) and 2.4.4-p4 (and earlier) are affected by a XML Injection (aka Blind XPath Injection) vulnerability that could lead in minor arbitrary file system read. Exploitation of this issue does not require user interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38207
CVE-2023-4511BT SDP dissector infinite loop in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4511
CVE-2023-4512CBOR dissector crash in Wireshark 4.0.0 to 4.0.6 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4512
CVE-2023-4513BT SDP dissector memory leak in Wireshark 4.0.0 to 4.0.7 and 3.6.0 to 3.6.15 allows denial of service via packet injection or crafted capture file7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4513
CVE-2023-41358An issue was discovered in FRRouting FRR through 9.0. bgpd/bgp_packet.c processes NLRIs if the attribute length is zero.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41358
CVE-2023-38802FRRouting FRR 7.5.1 through 9.0 and Pica8 PICOS 4.3.3.2 allow a remote attacker to cause a denial of service via a crafted BGP update with a corrupted attribute 23 (Tunnel Encapsulation).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38802
CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20900
CVE-2023-28366The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28366
CVE-2023-40968Buffer Overflow vulnerability in hzeller timg v.1.5.1 and before allows a remote attacker to cause a denial of service via the 0x61200000045c address.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40968
CVE-2023-41909An issue was discovered in FRRouting FRR through 9.0. bgp_nlri_parse_flowspec in bgpd/bgp_flowspec.c processes malformed requests with no attributes, leading to a NULL pointer dereference.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41909
CVE-2023-36184CMysten Labs Sui blockchain v1.2.0 was discovered to contain a stack overflow via the component /spec/openrpc.json.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36184
CVE-2023-40271In Trusted Firmware-M through TF-Mv1.8.0, for platforms that integrate the CryptoCell accelerator, when the CryptoCell PSA Driver software Interface is selected, and the Authenticated Encryption with Associated Data Chacha20-Poly1305 algorithm is used, with the single-part verification function (defined during the build-time configuration phase) implemented with a dedicated function (i.e., not relying on usage of multipart functions), the buffer comparison during the verification of the authentication tag does not happen on the full 16 bytes but just on the first 4 bytes, thus leading to the possibility that unauthenticated payloads might be identified as authentic. This affects TF-Mv1.6.0, TF-Mv1.6.1, TF-Mv1.7.0, and TF-Mv1.8.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40271
CVE-2014-5329GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.\r\n8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2014-5329
CVE-2023-37368An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37368
CVE-2023-37377An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37377
CVE-2023-40924SolarView Compact < 6.00 is vulnerable to Directory Traversal.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40924
CVE-2023-42278hutool v5.8.21 was discovered to contain a buffer overflow via the component JSONUtil.parse().7.5https://nvd.nist.gov/vuln/detail/CVE-2023-42278
CVE-2023-4846A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4846
CVE-2023-4876Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4876
CVE-2023-4877Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository hamza417/inure prior to build92.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4877
CVE-2023-4583When checking if the Browsing Context had been discarded in `HttpBaseChannel`, if the load group was not available then it was assumed to have already been discarded which was not always the case for private channels after the private session had ended. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4583
CVE-2023-36161An issue was discovered in Qubo Smart Plug 10A version HSP02_01_01_14_SYSTEM-10A, allows attackers to cause a denial of service (DoS) via Wi-Fi deauthentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36161
CVE-2020-19323An issue was discovered in /bin/mini_upnpd on D-Link DIR-619L 2.06beta devices. There is a heap buffer overflow allowing remote attackers to restart router via the M-search request ST parameter. No authentication required7.5https://nvd.nist.gov/vuln/detail/CVE-2020-19323
CVE-2023-31069An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-31069
CVE-2023-39068Buffer Overflow vulnerability in NBD80S09S-KLC v.YK_HZXM_NBD80S09S-KLC_V4.03.R11.7601.Nat.OnvifC.20230414.bin and NBD80N32RA-KL-V3 v.YK_HZXM_NBD80N32RA-KL_V4.03.R11.7601.Nat.OnvifC.20220120.bin allows a remote attacker to casue a denial of service via a crafted request to the service.XM component.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39068
CVE-2023-38256Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1, 2.11, 3.0, 3.2, and 3.3 \n\nvulnerable to a path traversal attack, which could allow an attacker to access files stored on the system.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38256
CVE-2023-39227?Softneta MedDream PACS stores usernames and passwords in plaintext. The plaintext storage could be abused by attackers to leak legitimate user’s credentials.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39227
CVE-2023-4278The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4278
CVE-2023-41879Magento LTS is the official OpenMage LTS codebase. Guest orders may be viewed without authentication using a "guest-view" cookie which contains the order's "protect_code". This code is 6 hexadecimal characters which is arguably not enough to prevent a brute-force attack. Exposing each order would require a separate brute force attack. This issue has been patched in versions 19.5.1 and 20.1.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41879
CVE-2023-40440This issue was addressed with improved state management of S/MIME encrypted emails. This issue is fixed in macOS Monterey 12.6.8. A S/MIME encrypted email may be inadvertently sent unencrypted.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40440
CVE-2023-4898Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4898
CVE-2023-32558The use of the deprecated API `process.binding()` can bypass the permission model through path traversal. \n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.x.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32558
CVE-2023-40308SAP CommonCryptoLib allows an unauthenticated attacker to craft a request, which when submitted to an open port causes a memory corruption error in a library which in turn causes the target component to crash making it unavailable. There is no ability to view or modify any information.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40308
CVE-2022-48474Control de Ciber, in its 1.650 version, is affected by a Denial of Service condition through the version function. Sending a malicious request could cause the server to check if an unrecognized component is up to date, causing a memory failure error that shuts down the process.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48474
CVE-2022-4896Cyber Control, in its 1.650 version, is affected by a vulnerability in the generation on the server of pop-up windows with the messages "PNTMEDIDAS", "PEDIR", "HAYDISCOA" or "SPOOLER". A complete denial of service can be achieved by sending multiple requests simultaneously on a core.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-4896
CVE-2023-37879Insecure storage of sensitive information in Wing FTP Server (User Web Client) allows information elicitation.This issue affects Wing FTP Server: <= 7.2.0.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-37879
CVE-2023-4914Relative Path Traversal in GitHub repository cecilapp/cecil prior to 7.47.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4914
CVE-2023-36763Microsoft Outlook Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36763
CVE-2023-38149Windows TCP/IP Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38149
CVE-2023-38162DHCP Server Service Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38162
CVE-2023-39208Improper input validation in Zoom Desktop Client for Linux before version 5.15.10 may allow an unauthenticated user to conduct a denial of service via network access.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39208
CVE-2023-4813A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4813
CVE-2023-41081The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected.\n\nThis issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48.\n\nUsers are recommended to upgrade to version 1.2.49, which fixes the issue.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41081
CVE-2023-39914NLnet Labs’ bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39914
CVE-2023-39915NLnet Labs’ Routinator up to and including version 0.12.1 may crash when trying to parse certain malformed RPKI objects. This is due to insufficient input checking in the bcder library covered by CVE-2023-39914.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39915
CVE-2023-4801An improper certification validation vulnerability in the Insider Threat Management (ITM) Agent for MacOS could be used by an anonymous actor on an adjacent network to establish a man-in-the-middle position between the agent and the ITM server after the agent has registered. All versions prior to 7.14.3.69 are affected. Agents for Windows, Linux, and Cloud are unaffected.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4801
CVE-2023-20191A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL.\r\n\r This vulnerability is due to incomplete support for this feature. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to bypass an ACL on the affected device.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20191
CVE-2023-4785Lack of error handling in the TCP server in Google's gRPC starting version 1.23 on posix-compatible platforms (ex. Linux) allows an attacker to cause a denial of service by initiating a significant number of connections with the server. Note that gRPC C++ Python, and Ruby are affected, but gRPC Java, and Go are NOT affected. 7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4785
CVE-2023-40850netentsec NS-ASG 6.3 is vulnerable to Incorrect Access Control. There is a file leak in the website source code of the application security gateway.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40850
CVE-2023-26141Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26141
CVE-2023-38205Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints. Exploitation of this issue does not require user interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38205
CVE-2023-29499A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29499
CVE-2023-32636A flaw was found in glib, where the gvariant deserialization code is vulnerable to a denial of service introduced by additional input validation added to resolve CVE-2023-29499. The offset table validation may be very slow. This bug does not affect any released version of glib but does affect glib distributors who followed the guidance of glib developers to backport the initial fix for CVE-2023-29499.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32636
CVE-2023-35851\nSUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database.\n\n7.5https://nvd.nist.gov/vuln/detail/CVE-2023-35851
CVE-2021-44273e2guardian v5.4.x <= v5.4.3r is affected by missing SSL certificate validation in the SSL MITM engine. In standalone mode (i.e., acting as a proxy or a transparent proxy), with SSL MITM enabled, e2guardian, if built with OpenSSL v1.1.x, did not validate hostnames in certificates of the web servers that it connected to, and thus was itself vulnerable to MITM attacks.7.4https://nvd.nist.gov/vuln/detail/CVE-2021-44273
CVE-2023-21930Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via TLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).7.4https://nvd.nist.gov/vuln/detail/CVE-2023-21930
CVE-2023-40729A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application lacks security control to prevent unencrypted communication without HTTPS. An attacker who managed to gain machine-in-the-middle position could manipulate, or steal confidential information.7.4https://nvd.nist.gov/vuln/detail/CVE-2023-40729
CVE-2021-44226Razer Synapse before 3.7.0228.022817 allows privilege escalation because it relies on %PROGRAMDATA%\\Razer\\Synapse3\\Service\\bin even if %PROGRAMDATA%\\Razer has been created by any unprivileged user before Synapse is installed. The unprivileged user may have placed Trojan horse DLLs there.7.3https://nvd.nist.gov/vuln/detail/CVE-2021-44226
CVE-2023-42472Due to insufficient file type validation, SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) - version 420, allows a report creator to upload files from local system into the report over the network. When uploading the image file, an authenticated attacker could intercept the request, modify the content type and the extension to read and modify sensitive data causing a high impact on confidentiality and integrity of the application.\n\n7.3https://nvd.nist.gov/vuln/detail/CVE-2023-42472
CVE-2023-40724A vulnerability has been identified in QMS Automotive (All versions < V12.39). User credentials are found in memory as plaintext. An attacker could perform a memory dump, and get access to credentials, and use it for impersonation.7.3https://nvd.nist.gov/vuln/detail/CVE-2023-40724
CVE-2023-36762Microsoft Word Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36762
CVE-2020-17049Kerberos Security Feature Bypass Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2020-17049
CVE-2020-25719A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos name-based authentication. The Samba AD DC, could become confused about the user a ticket represents if it did not strictly require a Kerberos PAC and always use the SIDs found within. The result could include total domain compromise.7.2https://nvd.nist.gov/vuln/detail/CVE-2020-25719
CVE-2022-37967Windows Kerberos Elevation of Privilege Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2022-37967
CVE-2023-1595A vulnerability has been found in novel-plus 3.6.2 and classified as critical. Affected by this vulnerability is an unknown functionality of the file common/log/list. The manipulation of the argument sort leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223663.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-1595
CVE-2023-33225The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-33225
CVE-2023-23842The SolarWinds Network Configuration Manager was susceptible to the Directory Traversal Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23842
CVE-2023-35179\nA vulnerability has been identified within Serv-U 15.4 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. \n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-35179
CVE-2023-20266A vulnerability in Cisco Emergency Responder, Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), and Cisco Unity Connection could allow an authenticated, remote attacker to elevate privileges to root on an affected device.\r\n\r This vulnerability exists because the application does not properly restrict the files that are being used for upgrades. An attacker could exploit this vulnerability by providing a crafted upgrade file. A successful exploit could allow the attacker to elevate privileges to root. To exploit this vulnerability, the attacker must have valid platform administrator credentials on an affected device.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-20266
CVE-2021-36021Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an Improper input validation vulnerability within the CMS page scheduled update feature. An authenticated attacker with administrative privilege could leverage this vulnerability to achieve remote code execution on the system.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-36021
CVE-2021-36036Magento versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper access control vulnerability within Magento's Media Gallery Upload workflow. By storing a specially crafted file in the website gallery, an authenticated attacker with administrative privilege can gain access to delete the .htaccess file. This could result in the attacker achieving remote code execution.7.2https://nvd.nist.gov/vuln/detail/CVE-2021-36036
CVE-2023-41319Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows custom integrations to be uploaded as a ZIP file. This ZIP file must contain YAML files, but Fides can be configured to also accept the inclusion of custom Python code in it. The custom code is executed in a restricted, sandboxed environment, but the sandbox can be bypassed to execute any arbitrary code. The vulnerability allows the execution of arbitrary code on the target system within the context of the webserver python process owner on the webserver container, which by default is `root`, and leverage that access to attack underlying infrastructure and integrated systems. This vulnerability affects Fides versions `2.11.0` through `2.19.0`. Exploitation is limited to API clients with the `CONNECTOR_TEMPLATE_REGISTER` authorization scope. In the Fides Admin UI this scope is restricted to highly privileged users, specifically root users and users with the owner role. Exploitation is only possible if the security configuration parameter `allow_custom_connector_functions` is enabled by the user deploying the Fides webserver container, either in `fides.toml` or by setting the env var `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS=True`. By default this configuration parameter is disabled. The vulnerability has been patched in Fides version `2.19.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. Users unable to upgrade should ensure that `allow_custom_connector_functions` in `fides.toml` and the `FIDES__SECURITY__ALLOW_CUSTOM_CONNECTOR_FUNCTIONS` are both either unset or explicit set to `False`.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-41319
CVE-2023-40060A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. \n15.4.  SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. 7.2https://nvd.nist.gov/vuln/detail/CVE-2023-40060
CVE-2023-4528Unsafe deserialization in JSCAPE MFT Server versions prior to 2023.1.9 (Windows, Linux, and MacOS) permits an attacker to run arbitrary Java code (including OS commands) via its management interface\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-4528
CVE-2023-38743Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-38743
CVE-2023-4314The wpDataTables WordPress plugin before 2.1.66 does not validate the "Serialized PHP array" input data before deserializing the data. This allows admins to deserialize arbitrary data which may lead to remote code execution if a suitable gadget chain is present on the server. This is impactful in environments where admin users should not be allowed to execute arbitrary code, such as multisite.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-4314
CVE-2022-24093Adobe Commerce versions 2.4.3-p1 (and earlier) and 2.3.7-p2 (and earlier) are affected by an improper input validation vulnerability. Exploitation of this issue does not require user interaction and could result in a post-authentication arbitrary code execution.7.2https://nvd.nist.gov/vuln/detail/CVE-2022-24093
CVE-2023-38156Azure HDInsight Apache Ambari Elevation of Privilege Vulnerability7.2https://nvd.nist.gov/vuln/detail/CVE-2023-38156
CVE-2023-21521\nAn SQL Injection vulnerability in the Management Console? (Operator Audit Trail) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database, recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system.\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-21521
CVE-2023-4928SQL Injection in GitHub repository instantsoft/icms2 prior to 2.16.1.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-4928
CVE-2023-23840The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23840
CVE-2023-23845The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-23845
CVE-2023-3025The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-3025
CVE-2023-35850\nSUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service.\n\n7.2https://nvd.nist.gov/vuln/detail/CVE-2023-35850
CVE-2023-5032A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/article/article-edit-run.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239876.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-5032
CVE-2023-5033A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /admin/category/cate-edit-run.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239877 was assigned to this vulnerability.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-5033
CVE-2023-34999A command injection vulnerability exists in RTS VLink Virtual Matrix Software Versions v5 (< 5.7.6) and v6 (< 6.5.0) that allows an attacker to perform arbitrary code execution via the admin web interface.7.2https://nvd.nist.gov/vuln/detail/CVE-2023-34999
CVE-2021-41803HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC. Fixed in 1.11.9, 1.12.5, and 1.13.2."7.1https://nvd.nist.gov/vuln/detail/CVE-2021-41803
CVE-2022-37971Microsoft Windows Defender Elevation of Privilege Vulnerability.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-37971
CVE-2022-42930If two Workers were simultaneously initializing their CacheStorage, a data race could have occurred in the `ThirdPartyUtil` component. This vulnerability affects Firefox < 106.7.1https://nvd.nist.gov/vuln/detail/CVE-2022-42930
CVE-2023-1161ISO 15765 and ISO 10681 dissector crash in Wireshark 4.0.0 to 4.0.3 and 3.6.0 to 3.6.11 allows denial of service via packet injection or crafted capture file7.1https://nvd.nist.gov/vuln/detail/CVE-2023-1161
CVE-2023-4387A use-after-free flaw was found in vmxnet3_rq_alloc_rx_buf in drivers/net/vmxnet3/vmxnet3_drv.c in VMware's vmxnet3 ethernet NIC driver in the Linux Kernel. This issue could allow a local attacker to crash the system due to a double-free while cleaning up vmxnet3_rq_cleanup_all, which could also lead to a kernel information leak problem.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-4387
CVE-2021-33834An issue was discovered in iscflashx64.sys 3.9.3.0 in Insyde H2OFFT 6.20.00. When handling IOCTL 0x22229a, the input used to allocate a buffer and copy memory is mishandled. This could cause memory corruption or a system crash.7.1https://nvd.nist.gov/vuln/detail/CVE-2021-33834
CVE-2023-4881A stack based out-of-bounds write flaw was found in the netfilter subsystem in the Linux kernel. If the expression length is a multiple of 4 (register size), the `nft_exthdr_eval` family of functions writes 4 NULL bytes past the end of the `regs` argument, leading to stack corruption and potential information disclosure or a denial of service.7.1https://nvd.nist.gov/vuln/detail/CVE-2023-4881
CVE-2023-40623SAP BusinessObjects Suite Installer - version 420, 430, allows an attacker within the network to create a directory under temporary directory and link it to a directory with operating system files. On successful exploitation the attacker can delete all the operating system files causing a limited impact on integrity and completely compromising the availability of the system.\n\n7.1https://nvd.nist.gov/vuln/detail/CVE-2023-40623
CVE-2023-4814\nA Privilege escalation vulnerability exists in Trellix Windows DLP endpoint for windows which can be abused to delete any file/folder for which the user does not have permission to.\n\n7.1https://nvd.nist.gov/vuln/detail/CVE-2023-4814
CVE-2023-4664Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9.\n\n7.1https://nvd.nist.gov/vuln/detail/CVE-2023-4664
CVE-2023-36562Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability7.1https://nvd.nist.gov/vuln/detail/CVE-2023-36562
CVE-2021-3697A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.7https://nvd.nist.gov/vuln/detail/CVE-2021-3697
CVE-2023-27470BASupSrvcUpdater.exe in N-able Take Control Agent through 7.0.41.1141 before 7.0.43 has a TOCTOU Race Condition via a pseudo-symlink at %PROGRAMDATA%\\GetSupportService_N-Central\\PushUpdates, leading to arbitrary file deletion.7https://nvd.nist.gov/vuln/detail/CVE-2023-27470
CVE-2023-36805Windows MSHTML Platform Security Feature Bypass Vulnerability7https://nvd.nist.gov/vuln/detail/CVE-2023-36805
CVE-2023-20135A vulnerability in Cisco IOS XR Software image verification checks could allow an authenticated, local attacker to execute arbitrary code on the underlying operating system.\r\n\r This vulnerability is due to a time-of-check, time-of-use (TOCTOU) race condition when an install query regarding an ISO image is performed during an install operation that uses an ISO image. An attacker could exploit this vulnerability by modifying an ISO image and then carrying out install requests in parallel. A successful exploit could allow the attacker to execute arbitrary code on an affected device.7https://nvd.nist.gov/vuln/detail/CVE-2023-20135
CVE-2022-47631Razer Synapse through 3.7.1209.121307 allows privilege escalation due to an unsafe installation path and improper privilege management. Attackers can place DLLs into %PROGRAMDATA%\\Razer\\Synapse3\\Service\\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if it detects malicious DLLs in this directory, attackers can exploit a race condition and replace a valid DLL (i.e., a copy of a legitimate Razer DLL) with a malicious DLL after the service has already checked the file. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.7https://nvd.nist.gov/vuln/detail/CVE-2022-47631
CVE-2021-20316A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.6.8https://nvd.nist.gov/vuln/detail/CVE-2021-20316
CVE-2022-47632Razer Synapse before 3.7.0830.081906 allows privilege escalation due to an unsafe installation path, improper privilege management, and improper certificate validation. Attackers can place malicious DLLs into %PROGRAMDATA%\\Razer\\Synapse3\\Service\\bin if they do so before the service is installed and if they deny write access for the SYSTEM user. Although the service will not start if the malicious DLLs are unsigned, it suffices to use self-signed DLLs. The validity of the DLL signatures is not checked. As a result, local Windows users can abuse the Razer driver installer to obtain administrative privileges on Windows.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-47632
CVE-2023-28841Moby is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nAn iptables rule designates outgoing VXLAN datagrams with a VNI that corresponds to an encrypted overlay network for IPsec encapsulation.\n\nEncrypted overlay networks on affected platforms silently transmit unencrypted data. As a result, `overlay` networks may appear to be functional, passing traffic as expected, but without any of the expected confidentiality or data integrity guarantees.\n\nIt is possible for an attacker sitting in a trusted position on the network to read all of the application traffic that is moving across the overlay network, resulting in unexpected secrets or user data disclosure. Thus, because many database protocols, internal APIs, etc. are not protected by a second layer of encryption, a user may use Swarm encrypted overlay networks to provide confidentiality, which due to this vulnerability this is no longer guaranteed.\n\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\nSome workarounds are available. Close the VXLAN port (by default, UDP port 4789) to outgoing traffic at the Internet boundary in order to prevent unintentionally leaking unencrypted traffic over the Internet, and/or ensure that the `xt_u32` kernel module is available on all nodes of the Swarm cluster.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-28841
CVE-2023-28842Moby) is an open source container framework developed by Docker Inc. that is distributed as Docker, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (`dockerd`), which is developed as moby/moby is commonly referred to as *Docker*.\n\nSwarm Mode, which is compiled in and delivered by default in `dockerd` and is thus present in most major Moby downstreams, is a simple, built-in container orchestrator that is implemented through a combination of SwarmKit and supporting network code.\n\nThe `overlay` network driver is a core feature of Swarm Mode, providing isolated virtual LANs that allow communication between containers and services across the cluster. This driver is an implementation/user of VXLAN, which encapsulates link-layer (Ethernet) frames in UDP datagrams that tag the frame with the VXLAN metadata, including a VXLAN Network ID (VNI) that identifies the originating overlay network. In addition, the overlay network driver supports an optional, off-by-default encrypted mode, which is especially useful when VXLAN packets traverses an untrusted network between nodes.\n\nEncrypted overlay networks function by encapsulating the VXLAN datagrams through the use of the IPsec Encapsulating Security Payload protocol in Transport mode. By deploying IPSec encapsulation, encrypted overlay networks gain the additional properties of source authentication through cryptographic proof, data integrity through check-summing, and confidentiality through encryption.\n\nWhen setting an endpoint up on an encrypted overlay network, Moby installs three iptables (Linux kernel firewall) rules that enforce both incoming and outgoing IPSec. These rules rely on the `u32` iptables extension provided by the `xt_u32` kernel module to directly filter on a VXLAN packet's VNI field, so that IPSec guarantees can be enforced on encrypted overlay networks without interfering with other overlay networks or other users of VXLAN.\n\nThe `overlay` driver dynamically and lazily defines the kernel configuration for the VXLAN network on each node as containers are attached and detached. Routes and encryption parameters are only defined for destination nodes that participate in the network. The iptables rules that prevent encrypted overlay networks from accepting unencrypted packets are not created until a peer is available with which to communicate.\n\nEncrypted overlay networks silently accept cleartext VXLAN datagrams that are tagged with the VNI of an encrypted overlay network. As a result, it is possible to inject arbitrary Ethernet frames into the encrypted overlay network by encapsulating them in VXLAN datagrams. The implications of this can be quite dire, and GHSA-vwm3-crmr-xfxw should be referenced for a deeper exploration.\n\nPatches are available in Moby releases 23.0.3, and 20.10.24. As Mirantis Container Runtime's 20.10 releases are numbered differently, users of that platform should update to 20.10.16.\n\nSome workarounds are available. In multi-node clusters, deploy a global ‘pause’ container for each encrypted overlay network, on every node. For a single-node cluster, do not use overlay networks of any sort. Bridge networks provide the same connectivity on a single node and have no multi-node features. The Swarm ingress feature is implemented using an overlay network, but can be disabled by publishing ports in `host` mode instead of `ingress` mode (allowing the use of an external load balancer), and removing the `ingress` network. If encrypted overlay networks are in exclusive use, block UDP port 4789 from traffic that has not been validated by IPSec.6.8https://nvd.nist.gov/vuln/detail/CVE-2023-28842
CVE-2022-41804Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-41804
CVE-2023-20193A vulnerability in the Embedded Service Router (ESR) of Cisco ISE could allow an authenticated, local attacker to read, write, or delete arbitrary files on the underlying operating system and escalate their privileges to root. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ESR console. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges to root and read, write, or delete arbitrary files from the underlying operating system of the affected device. Note: The ESR is not enabled by default and must be licensed. To verify the status of the ESR in the Admin GUI, choose Administration > Settings > Protocols > IPSec.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-20193
CVE-2023-36759Visual Studio Elevation of Privilege Vulnerability6.7https://nvd.nist.gov/vuln/detail/CVE-2023-36759
CVE-2023-39201Untrusted search path in CleanZoom before file date 07/24/2023 may allow a privileged user to conduct an escalation of privilege via local access.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-39201
CVE-2022-47637The installer in XAMPP through 8.1.12 allows local users to write to the C:\\xampp directory. Common use cases execute files under C:\\xampp with administrative privileges.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-47637
CVE-2019-10218A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-10218
CVE-2019-14907All samba versions 4.9.x before 4.9.18, 4.10.x before 4.10.12 and 4.11.x before 4.11.5 have an issue where if it is set with "log level = 3" (or above) then the string obtained from the client, after a failed character conversion, is printed. Such strings can be provided during the NTLMSSP authentication exchange. In the Samba AD DC in particular, this may cause a long-lived process(such as the RPC server) to terminate. (In the file server case, the most likely target, smbd, operates as process-per-client and so a crash there is harmless).6.5https://nvd.nist.gov/vuln/detail/CVE-2019-14907
CVE-2019-19344There is a use-after-free issue in all samba 4.9.x versions before 4.9.18, all samba 4.10.x versions before 4.10.12 and all samba 4.11.x versions before 4.11.5, essentially due to a call to realloc() while other local variables still point at the original buffer.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-19344
CVE-2019-20391An invalid memory access flaw is present in libyang before v1.0-r3 in the function resolve_feature_value() when an if-feature statement is used inside a bit. Applications that use libyang to parse untrusted input yang files may crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-20391
CVE-2019-20392An invalid memory access flaw is present in libyang before v1.0-r1 in the function resolve_feature_value() when an if-feature statement is used inside a list key node, and the feature used is not defined. Applications that use libyang to parse untrusted input yang files may crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-20392
CVE-2019-20395A stack consumption issue is present in libyang before v1.0-r1 due to the self-referential union type containing leafrefs. Applications that use libyang to parse untrusted input yang files may crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-20395
CVE-2019-20396A segmentation fault is present in yyparse in libyang before v1.0-r1 due to a malformed pattern statement value during lys_parse_path parsing.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-20396
CVE-2019-20398A NULL pointer dereference is present in libyang before v1.0-r3 in the function lys_extension_instances_free() due to a copy of unresolved extensions in lys_restr_dup(). Applications that use libyang to parse untrusted input yang files may crash.6.5https://nvd.nist.gov/vuln/detail/CVE-2019-20398
CVE-2021-3670MaxQueryDuration not honoured in Samba AD DC LDAP6.5https://nvd.nist.gov/vuln/detail/CVE-2021-3670
CVE-2022-40716HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2."6.5https://nvd.nist.gov/vuln/detail/CVE-2022-40716
CVE-2022-42929If a website called `window.print()` in a particular way, it could cause a denial of service of the browser, which may persist beyond browser restart depending on the user's session restore settings. This vulnerability affects Firefox < 106, Firefox ESR < 102.4, and Thunderbird < 102.4.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-42929
CVE-2022-3437A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3437
CVE-2022-3592A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-3592
CVE-2023-26054BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In affected versions when the user sends a build request that contains a Git URL that contains credentials and the build creates a provenance attestation describing that build, these credentials could be visible from the provenance attestation. Git URL can be passed in two ways: 1) Invoking build directly from a URL with credentials. 2) If the client sends additional version control system (VCS) info hint parameters on builds from a local source. Usually, that would mean reading the origin URL from `.git/config` file. When a build is performed under specific conditions where credentials were passed to BuildKit they may be visible to everyone who has access to provenance attestation. Provenance attestations and VCS info hints were added in version v0.11.0. Previous versions are not vulnerable. In v0.10, when building directly from Git URL, the same URL could be visible in `BuildInfo` structure that is a predecessor of Provenance attestations. Previous versions are not vulnerable. This bug has been fixed in v0.11.4. Users are advised to upgrade. Users unable to upgrade may disable VCS info hints by setting `BUILDX_GIT_INFO=0`. `buildctl` does not set VCS hints based on `.git` directory, and values would need to be passed manually with `--opt`.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-26054
CVE-2023-0845Consul and Consul Enterprise allowed an authenticated user with service:write permissions to trigger a workflow that causes Consul server and client agents to crash under certain circumstances. This vulnerability was fixed in Consul 1.14.5.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0845
CVE-2023-0614The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0614
CVE-2023-1993LISP dissector large loop in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1993
CVE-2023-1994GQUIC dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1994
CVE-2023-21946Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).6.5https://nvd.nist.gov/vuln/detail/CVE-2023-21946
CVE-2022-40302An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-40302
CVE-2022-40318An issue was discovered in bgpd in FRRouting (FRR) through 8.4. By crafting a BGP OPEN message with an option of type 0xff (Extended Length from RFC 9072), attackers may cause a denial of service (assertion failure and daemon restart, or out-of-bounds read). This is possible because of inconsistent boundary checks that do not account for reading 3 bytes (instead of 2) in this 0xff case. NOTE: this behavior occurs in bgp_open_option_parse in the bgp_open.c file, a different location (with a different attack vector) relative to CVE-2022-40302.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-40318
CVE-2022-43681An out-of-bounds read exists in the BGP daemon of FRRouting FRR through 8.4. When sending a malformed BGP OPEN message that ends with the option length octet (or the option length word, in case of an extended OPEN message), the FRR code reads of out of the bounds of the packet, throwing a SIGABRT signal and exiting. This results in a bgpd daemon restart, causing a Denial-of-Service condition.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-43681
CVE-2022-39374Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. If Synapse and a malicious homeserver are both joined to the same room, the malicious homeserver can trick Synapse into accepting previously rejected events into its view of the current state of that room. This can be exploited in a way that causes all further messages and state changes sent in that room from the vulnerable homeserver to be rejected. This issue has been patched in version 1.68.0\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2022-39374
CVE-2023-2854BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2854
CVE-2023-2855Candump log parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2855
CVE-2023-2856VMS TCPIPtrace file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2856
CVE-2023-2857BLF file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2857
CVE-2023-2858NetScaler file parser crash in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2858
CVE-2023-2952XRA dissector infinite loop in Wireshark 4.0.0 to 4.0.5 and 3.6.0 to 3.6.13 allows denial of service via packet injection or crafted capture file6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2952
CVE-2023-22652A Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in openSUSE libeconf leads to DoS via malformed config files.\nThis issue affects libeconf: before 0.5.2.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-22652
CVE-2023-0666Due to failure in validating the length provided by an attacker-crafted RTPS packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0666
CVE-2023-0667Due to failure in validating the length provided by an attacker-crafted MSMMS packet, Wireshark version 4.0.5 and prior, in an unusual configuration, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0667
CVE-2023-0668Due to failure in validating the length provided by an attacker-crafted IEEE-C37.118 packet, Wireshark version 4.0.5 and prior, by default, is susceptible to a heap-based buffer overflow, and possibly code execution in the context of the process running Wireshark.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0668
CVE-2023-4135A heap out-of-bounds memory read flaw was found in the virtual nvme device in QEMU. The QEMU process does not validate an offset provided by the guest before computing a host heap pointer, which is used for copying data back to the guest. Arbitrary heap memory relative to an allocated buffer can be disclosed.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4135
CVE-2023-4456A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4456
CVE-2020-22524Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0(r1828) allows attackers to cuase a denial of service via crafted PFM file.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-22524
CVE-2023-2906Due to a failure in validating the length provided by an attacker-crafted CP2179 packet, Wireshark versions 2.0.0 through 4.0.7 is susceptible to a divide by zero allowing for a denial of service attack.\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2906
CVE-2023-40184xrdp is an open source remote desktop protocol (RDP) server. In versions prior to 0.9.23 improper handling of session establishment errors allows bypassing OS-level session restrictions. The `auth_start_session` function can return non-zero (1) value on, e.g., PAM error which may result in in session restrictions such as max concurrent sessions per user by PAM (ex ./etc/security/limits.conf) to be bypassed. Users (administrators) don't use restrictions by PAM are not affected. This issue has been addressed in release version 0.9.23. Users are advised to upgrade. There are no known workarounds for this issue.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40184
CVE-2023-4764Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4764
CVE-2023-40584Argo CD is a declarative continuous deployment for Kubernetes. All versions of ArgoCD starting from v2.4 have a bug where the ArgoCD repo-server component is vulnerable to a Denial-of-Service attack vector. Specifically, the said component extracts a user-controlled tar.gz file without validating the size of its inner files. As a result, a malicious, low-privileged user can send a malicious tar.gz file that exploits this vulnerability to the repo-server, thereby harming the system's functionality and availability. Additionally, the repo-server is susceptible to another vulnerability due to the fact that it does not check the extracted file permissions before attempting to delete them. Consequently, an attacker can craft a malicious tar.gz archive in a way that prevents the deletion of its inner files when the manifest generation process is completed. A patch for this vulnerability has been released in versions 2.6.15, 2.7.14, and 2.8.3. Users are advised to upgrade. The only way to completely resolve the issue is to upgrade, however users unable to upgrade should configure RBAC (Role-Based Access Control) and provide access for configuring applications only to a limited number of administrators. These administrators should utilize trusted and verified Helm charts.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40584
CVE-2021-45811A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topic_id" URL parameters combination.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-45811
CVE-2023-4874Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.126.5https://nvd.nist.gov/vuln/detail/CVE-2023-4874
CVE-2023-4573When receiving rendering data over IPC `mStream` could have been destroyed when initialized, which could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4573
CVE-2023-4574When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4574
CVE-2023-4575When creating a callback over IPC for showing the File Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4575
CVE-2023-4577When `UpdateRegExpStatics` attempted to access `initialStringHeap` it could already have been garbage collected prior to entering the function, which could potentially have led to an exploitable crash. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4577
CVE-2023-4578When calling `JS::CheckRegExpSyntax` a Syntax Error could have been set which would end in calling `convertToRuntimeErrorAndClear`. A path in the function could attempt to allocate memory when none is available which would have caused a newly created Out of Memory exception to be mishandled as a Syntax Error. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4578
CVE-2023-4580Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4580
CVE-2023-41336ux-autocomplete is a JavaScript Autocomplete functionality for Symfony. Under certain circumstances, an attacker could successfully submit an entity id for an `EntityType` that is *not* part of the valid choices. The problem has been fixed in `symfony/ux-autocomplete` version 2.11.2.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-41336
CVE-2023-27169Xpand IT Write-back manager v2.3.1 uses a hardcoded salt in license class configuration which leads to the generation of a hardcoded and predictable symmetric encryption keys for license generation and validation.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-27169
CVE-2023-40712Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated users who have access to see the task/dag in the UI, to craft a URL, which could lead to unmasking the secret configuration of the task that otherwise would be masked in the UI.\n\nUsers are strongly advised to upgrade to version 2.7.1 or later which has removed the vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40712
CVE-2023-36799.NET Core and Visual Studio Denial of Service Vulnerability6.5https://nvd.nist.gov/vuln/detail/CVE-2023-36799
CVE-2023-39215Improper authentication in Zoom clients may allow an authenticated user to conduct a denial of service via network access.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39215
CVE-2023-4917The Leyka plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 3.30.3 via the 'leyka_ajax_get_env_and_options' function. This can allow authenticated attackers with subscriber-level permissions or above to extract sensitive data including Sberbank API key and password, PayPal Client Secret, and more keys and passwords.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4917
CVE-2023-4400\nA password management vulnerability in Skyhigh Secure Web Gateway (SWG) in main releases 11.x prior to 11.2.14, 10.x prior to 10.2.25 and controlled release 12.x prior to 12.2.1, allows some authentication information stored in configuration files to be extracted through SWG REST API. This was possible due to SWG storing the password in plain text in some configuration files.\n\n6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4400
CVE-2023-25608An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in the command line interpreter of FortiAP-W2 7.2.0 through 7.2.1, 7.0.3 through 7.0.5, 7.0.0 through 7.0.1, 6.4 all versions, 6.2 all versions, 6.0 all versions; FortiAP-C 5.4.0 through 5.4.4, 5.2 all versions; FortiAP 7.2.0 through 7.2.1, 7.0.0 through 7.0.5, 6.4 all versions, 6.0 all versions; FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to read arbitrary files via specially crafted command arguments.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-25608
CVE-2023-39916NLnet Labs’ Routinator 0.9.0 up to and including 0.12.1 contains a possible path traversal vulnerability in the optional, off-by-default keep-rrdp-responses feature that allows users to store the content of responses received for RRDP requests. The location of these stored responses is constructed from the URL of the request. Due to insufficient sanitation of the URL, it is possible for an attacker to craft a URL that results in the response being stored outside of the directory specified for it.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39916
CVE-2023-20233A vulnerability in the Connectivity Fault Management (CFM) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to incorrect processing of invalid continuity check messages (CCMs). An attacker could exploit this vulnerability by sending crafted CCMs to an affected device. A successful exploit could allow the attacker to cause the CFM service to crash when a user displays information about maintenance end points (MEPs) for peer MEPs on an affected device.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-20233
CVE-2023-3255A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. A wrong exit condition may lead to an infinite loop when inflating an attacker controlled zlib buffer in the `inflate_buffer` function. This could allow a remote authenticated client who is able to send a clipboard to the VNC server to trigger a denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3255
CVE-2023-4568PaperCut NG allows for unauthenticated XMLRPC commands to be run by default. Versions 22.0.12 and below are confirmed to be affected, but later versions may also be affected due to lack of a vendor supplied patch.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4568
CVE-2023-42178Lenosp 1.0.0-1.2.0 is vulnerable to SQL Injection via the log query module.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-42178
CVE-2023-37739i-doit Pro v25 and below was discovered to be vulnerable to path traversal.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-37739
CVE-2023-4984A vulnerability was found in didi KnowSearch 0.3.2/0.3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file /api/es/admin/v3/security/user/1. The manipulation leads to unprotected storage of credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239795.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4984
CVE-2023-5031A vulnerability was found in OpenRapid RapidCMS 1.3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/article/article-add.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239875.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-5031
CVE-2023-39039An information leak in Camp Style Project Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39039
CVE-2023-39040An information leak in Cheese Cafe Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39040
CVE-2023-39049An information leak in youmart-tokunaga v13.6.1 allows attackers to obtain the channel access token and send crafted messages.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39049
CVE-2023-39056An information leak in Coffee-jumbo v13.6.1 allows attackers to obtain the channel access token and send crafted messages.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39056
CVE-2023-38484Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-38484
CVE-2023-38485Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in the affected controller leading to complete system compromise.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-38485
CVE-2023-38486A vulnerability in the secure boot implementation on affected Aruba 9200 and 9000 Series Controllers and Gateways allows an attacker to bypass security controls which would normally prohibit unsigned kernel images from executing. An attacker can use this vulnerability to execute arbitrary runtime operating systems, including unverified and unsigned OS images.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-38486
CVE-2023-5001The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-5001
CVE-2023-40621SAP PowerDesigner Client - version 16.7, allows an unauthenticated attacker to inject VBScript code in a document and have it opened by an unsuspecting user, to have it executed by the application on behalf of the user. The application has a security option to disable or prompt users before untrusted scripts are executed, but this is not set as default.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-40621
CVE-2022-23515Loofah is a general library for manipulating and transforming HTML/XML documents and fragments, built on top of Nokogiri. Loofah >= 2.1.0, < 2.19.1 is vulnerable to cross-site scripting via the image/svg+xml media type in data URIs. This issue is patched in version 2.19.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-23515
CVE-2022-23518rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Versions >= 1.0.3, < 1.4.4 are vulnerable to cross-site scripting via data URIs when used in combination with Loofah >= 2.1.0. This issue is patched in version 1.4.4.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-23518
CVE-2022-23519rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags in either of the following ways: allow both "math" and "style" elements, or allow both "svg" and "style" elements. Code is only impacted if allowed tags are being overridden. . This issue is fixed in version 1.4.4. All users overriding the allowed tags to include "math" or "svg" and "style" should either upgrade or use the following workaround immediately: Remove "style" from the overridden allowed tags, or remove "math" and "svg" from the overridden allowed tags.\n6.1https://nvd.nist.gov/vuln/detail/CVE-2022-23519
CVE-2022-23520rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. Prior to version 1.4.4, there is a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer due to an incomplete fix of CVE-2022-32209. Rails::Html::Sanitizer may allow an attacker to inject content if the application developer has overridden the sanitizer's allowed tags to allow both "select" and "style" elements. Code is only impacted if allowed tags are being overridden. This issue is patched in version 1.4.4. All users overriding the allowed tags to include both "select" and "style" should either upgrade or use this workaround: Remove either "select" or "style" from the overridden allowed tags. NOTE: Code is _not_ impacted if allowed tags are overridden using either the :tags option to the Action View helper method sanitize or the :tags option to the instance method SafeListSanitizer#sanitize.\n6.1https://nvd.nist.gov/vuln/detail/CVE-2022-23520
CVE-2022-38210There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim’s browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-38210
CVE-2023-0125A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-217717 was assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-0125
CVE-2023-32681Requests is a HTTP library. Since Requests 2.3.0, Requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. This is a product of how we use `rebuild_proxies` to reattach the `Proxy-Authorization` header to requests. For HTTP connections sent through the tunnel, the proxy will identify the header in the request itself and remove it prior to forwarding to the destination server. However when sent over HTTPS, the `Proxy-Authorization` header must be sent in the CONNECT request as the proxy has no visibility into the tunneled request. This results in Requests forwarding proxy credentials to the destination server unintentionally, allowing a malicious actor to potentially exfiltrate sensitive information. This issue has been patched in version 2.31.0.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-32681
CVE-2023-36675An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, and 1.39.x before 1.39.4. BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36675
CVE-2023-37905ckeditor-wordcount-plugin is an open source WordCount Plugin for CKEditor. It has been discovered that the `ckeditor-wordcount-plugin` plugin for CKEditor4 is susceptible to cross-site scripting when switching to the source code mode. This issue has been addressed in version 1.17.12 of the `ckeditor-wordcount-plugin` plugin and users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37905
CVE-2023-39968jupyter-server is the backend for Jupyter web applications. Open Redirect Vulnerability. Maliciously crafted login links to known Jupyter Servers can cause successful login or an already logged-in session to be redirected to arbitrary sites, which should be restricted to Jupyter Server-served URLs. This issue has been addressed in commit `29036259` which is included in release 2.7.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-39968
CVE-2023-40170jupyter-server is the backend for Jupyter web applications. Improper cross-site credential checks on `/files/` URLs could allow exposure of certain file contents, or accessing files when opening untrusted files via "Open image in new tab". This issue has been addressed in commit `87a49272728` which has been included in release `2.7.2`. Users are advised to upgrade. Users unable to upgrade may use the lower performance `--ContentsManager.files_handler_class=jupyter_server.files.handlers.FilesHandler`, which implements the correct checks.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40170
CVE-2023-4296\n?If an attacker tricks an admin user of PTC Codebeamer into clicking on a malicious link, it may allow the attacker to inject arbitrary code to be executed in the browser on the target device.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4296
CVE-2023-2813All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, Anfaust WordPress theme through 1.1, Arendelle WordPress theme before 1.1.13, Atlast Business WordPress theme through 1.5.8.5, Bazaar Lite WordPress theme before 1.8.6, Brain Power WordPress theme through 1.2, BunnyPressLite WordPress theme before 2.1, Cafe Bistro WordPress theme before 1.1.4, College WordPress theme before 1.5.1, Connections Reloaded WordPress theme through 3.1, Counterpoint WordPress theme through 1.8.1, Digitally WordPress theme through 1.0.8, Directory WordPress theme before 3.0.2, Drop WordPress theme before 1.22, Everse WordPress theme before 1.2.4, Fashionable Store WordPress theme through 1.3.4, Fullbase WordPress theme before 1.2.1, Ilex WordPress theme before 1.4.2, Js O3 Lite WordPress theme through 1.5.8.2, Js Paper WordPress theme through 2.5.7, Kata WordPress theme before 1.2.9, Kata App WordPress theme through 1.0.5, Kata Business WordPress theme through 1.0.2, Looki Lite WordPress theme before 1.3.0, moseter WordPress theme through 1.3.1, Nokke WordPress theme before 1.2.4, Nothing Personal WordPress theme through 1.0.7, Offset Writing WordPress theme through 1.2, Opor Ayam WordPress theme through 18, Pinzolo WordPress theme before 1.2.10, Plato WordPress theme before 1.1.9, Polka Dots WordPress theme through 1.2, Purity Of Soul WordPress theme through 1.9, Restaurant PT WordPress theme before 1.1.3, Saul WordPress theme before 1.1.0, Sean Lite WordPress theme before 1.4.6, Tantyyellow WordPress theme through 1.0.0.5, TIJAJI WordPress theme through 1.43, Tiki Time WordPress theme through 1.3, Tuaug4 WordPress theme through 1.4, Tydskrif WordPress theme through 1.1.3, UltraLight WordPress theme through 1.2, Venice Lite WordPress theme before 1.5.5, Viala WordPress theme through 1.3.1, viburno WordPress theme before 1.3.2, Wedding Bride WordPress theme before 1.0.2, Wlow WordPress theme before 1.2.7 suffer from the same issue about the search box reflecting the results causing XSS which allows an unauthenticated attacker to exploit against users if they click a malicious link.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2813
CVE-2023-20263A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could allow an unauthenticated, remote attacker to redirect a user to a malicious web page.\r\n\r\n\r This vulnerability is due to improper input validation of the parameters in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-20263
CVE-2023-40306SAP S/4HANA Manage Catalog Items and Cross-Catalog searches Fiori apps allow an attacker to redirect users to a malicious site due to insufficient URL validation. As a result, it may have a slight impact on confidentiality and integrity.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40306
CVE-2023-41564An arbitrary file upload vulnerability in the Upload Asset function of Cockpit CMS v2.6.3 allows attackers to execute arbitrary code via uploading a crafted .shtml file.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41564
CVE-2023-4847A vulnerability classified as problematic has been found in SourceCodester Simple Book Catalog App 1.0. Affected is an unknown function of the component Update Book Form. The manipulation of the argument book_title/book_author leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239256.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4847
CVE-2023-4864A vulnerability, which was classified as problematic, was found in SourceCodester Take-Note App 1.0. This affects an unknown part of the file index.php. The manipulation of the argument noteContent with the input --redacted-- leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239349 was assigned to this vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4864
CVE-2023-4870A vulnerability classified as problematic has been found in SourceCodester Contact Manager App 1.0. This affects an unknown part of the file index.php of the component Contact Information Handler. The manipulation of the argument contactID with the input "><sCrIpT>alert(1)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239355.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4870
CVE-2023-39067Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-39067
CVE-2023-41609An open redirect vulnerability in the sanitize_url() parameter of CouchCMS v2.3 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41609
CVE-2023-2705The gAppointments WordPress plugin before 1.10.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against admin6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2705
CVE-2023-3169The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not have authorisation in a REST route and does not validate as well as escape some parameters when outputting them back, which could allow unauthenticated users to perform Stored Cross-Site Scripting attacks.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3169
CVE-2023-4270The Min Max Control WordPress plugin before 4.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4270
CVE-2023-4294The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4294
CVE-2023-38878A reflected cross-site scripting (XSS) vulnerability in DevCode OpenSTAManager versions 2.4.24 to 2.4.47 may allow a remote attacker to execute arbitrary JavaScript in the web browser of a victim by injecting a malicious payload into the 'error' and 'error_description' parameters of 'oauth2.php'.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-38878
CVE-2023-26142All versions of the package crow are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. Header values are not properly sanitized against CRLF Injection in the set_header and add_header functions. An attacker can add the \\r\\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26142
CVE-2023-41013Cross Site Scripting (XSS) in Webmail Calendar in IceWarp 10.3.1 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41013
CVE-2023-4913Cross-site Scripting (XSS) - Reflected in GitHub repository cecilapp/cecil prior to 7.47.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4913
CVE-2023-21522\nA Reflected Cross-site Scripting (XSS) vulnerability in the Management Console (Reports) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially control a script that is executed in the victim's browser then they can execute script commands in the context of the affected user account. 6.1https://nvd.nist.gov/vuln/detail/CVE-2023-21522
CVE-2023-29305Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29305
CVE-2023-29306Adobe Connect versions 12.3 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-29306
CVE-2023-40617A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start 7 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'file' parameter in 'displayPDF.php'.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40617
CVE-2023-41162A Reflected Cross-site scripting (XSS) vulnerability in the file manager tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the file mask field while searching under the tools drop down.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41162
CVE-2023-40779An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40779
CVE-2023-41588A cross-site scripting (XSS) vulnerability in Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41588
CVE-2023-4676Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yordam MedasPro allows Reflected XSS.This issue affects MedasPro: before 28.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4676
CVE-2023-40983A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Find in Results file.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40983
CVE-2023-4663Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9.\n\n6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4663
CVE-2023-4983A vulnerability was found in app1pro Shopicial up to 20230830. It has been declared as problematic. This vulnerability affects unknown code of the file search. The manipulation of the argument from with the input comments</script>'"><img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-4983
CVE-2023-36727Microsoft Edge (Chromium-based) Spoofing Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-36727
CVE-2023-42253Code-Projects Vehicle Management 1.0 is vulnerable to Cross Site Scripting (XSS) in Add Accounts via Invoice No, To, and Mammul.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-42253
CVE-2023-5060Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.1.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-5060
CVE-2019-12814A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x through 2.9.9. When Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has JDOM 1.x or 2.x jar in the classpath, an attacker can send a specifically crafted JSON message that allows them to read arbitrary local files on the server.5.9https://nvd.nist.gov/vuln/detail/CVE-2019-12814
CVE-2019-12384FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on the classpath content, remote code execution may be possible.5.9https://nvd.nist.gov/vuln/detail/CVE-2019-12384
CVE-2016-2124A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.5.9https://nvd.nist.gov/vuln/detail/CVE-2016-2124
CVE-2021-20251A flaw was found in samba. A race condition in the password lockout code may lead to the risk of brute force attacks being successful if special conditions are met.5.9https://nvd.nist.gov/vuln/detail/CVE-2021-20251
CVE-2023-0922The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-0922
CVE-2023-21954Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-21954
CVE-2023-21967Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-21967
CVE-2023-22053Vulnerability in the MySQL Server product of Oracle MySQL (component: Client programs). Supported versions that are affected are 5.7.42 and prior and 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server and unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H).5.9https://nvd.nist.gov/vuln/detail/CVE-2023-22053
CVE-2023-39363Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In versions 0.2.15, 0.2.16 and 0.3.0, named re-entrancy locks are allocated incorrectly. Each function using a named re-entrancy lock gets a unique lock regardless of the key, allowing cross-function re-entrancy in contracts compiled with the susceptible versions. A specific set of conditions is required to result in misbehavior of affected contracts, specifically: a `.vy` contract compiled with `vyper` versions `0.2.15`, `0.2.16`, or `0.3.0`; a primary function that utilizes the `@nonreentrant` decorator with a specific `key` and does not strictly follow the check-effects-interaction pattern (i.e. contains an external call to an untrusted party before storage updates); and a secondary function that utilizes the same `key` and would be affected by the improper state caused by the primary function. Version 0.3.1 contains a fix for this issue.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-39363
CVE-2023-5054The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer.5.8https://nvd.nist.gov/vuln/detail/CVE-2023-5054
CVE-2023-4875Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.125.7https://nvd.nist.gov/vuln/detail/CVE-2023-4875
CVE-2023-36777Microsoft Exchange Server Information Disclosure Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2023-36777
CVE-2023-3301A flaw was found in QEMU. The async nature of hot-unplug enables a race scenario where the net device backend is cleared before the virtio-net pci frontend has been unplugged. A malicious guest could use this time window to trigger an assertion and cause a denial of service.5.6https://nvd.nist.gov/vuln/detail/CVE-2023-3301
CVE-2023-4155A flaw was found in KVM AMD Secure Encrypted Virtualization (SEV) in the Linux kernel. A KVM guest using SEV-ES or SEV-SNP with multiple vCPUs can trigger a double fetch race condition vulnerability and invoke the `VMGEXIT` handler recursively. If an attacker manages to call the handler multiple times, they can trigger a stack overflow and cause a denial of service or potentially guest-to-host escape in kernel configurations without stack guard pages (`CONFIG_VMAP_STACK`).5.6https://nvd.nist.gov/vuln/detail/CVE-2023-4155
CVE-2022-2085A NULL pointer dereference vulnerability was found in Ghostscript, which occurs when it tries to render a large number of bits in memory. When allocating a buffer device, it relies on an init_device_procs defined for the device that uses it as a prototype that depends upon the number of bits per pixel. For bpp > 64, mem_x_device is used and does not have an init_device_procs defined. This flaw allows an attacker to parse a large number of bits (more than 64 bits per pixel), which triggers a NULL pointer dereference flaw, causing an application to crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-2085
CVE-2022-1615In Samba, GnuTLS gnutls_rnd() can fail and give predictable random values.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-1615
CVE-2023-1009A vulnerability classified as problematic has been found in DrayTek Vigor 2960 1.5.1.4. Affected is the function sub_1DF14 of the file /cgi-bin/mainfunction.cgi. The manipulation of the argument option with the input /../etc/passwd- leads to path traversal. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. VDB-221742 is the identifier assigned to this vulnerability.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-1009
CVE-2023-21929Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-21929
CVE-2023-20588\nA division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. \n\n\n\n\n\n\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-20588
CVE-2023-38235Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38235
CVE-2021-3236vim 8.2.2348 is affected by null pointer dereference, allows local attackers to cause a denial of service (DoS) via the ex_buffer_all method.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-3236
CVE-2023-40305GNU indent 2.2.13 has a heap-based buffer overflow in search_brace in indent.c via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40305
CVE-2023-40360QEMU through 8.0.4 accesses a NULL pointer in nvme_directive_receive in hw/nvme/ctrl.c because there is no check for whether an endurance group is configured before checking whether Flexible Data Placement is enabled.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40360
CVE-2023-39742giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39742
CVE-2023-3747Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to temporarily be disconnected from WARP, however, due to lack of server side validation, an attacker with local access to the device, could extend the maximum allowed disconnected time of WARP client granted by an override code by changing the date & time on the local device where WARP is running.\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-3747
CVE-2023-32470\nDell Digital Delivery versions prior to 5.0.82.0 contain an Insecure Operation on Windows Junction / Mount Point vulnerability. A local malicious user could potentially exploit this vulnerability to create arbitrary folder leading to permanent Denial of Service (DOS).\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32470
CVE-2023-41775Improper access control vulnerability in 'direct' Desktop App for macOS ver 2.6.0 and earlier allows a local attacker to bypass access restriction and to use camrea, microphone, etc. of the device where the product is installed without the user's consent.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41775
CVE-2023-42467QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-42467
CVE-2023-4104An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.\n*This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4104
CVE-2019-7819Adobe Acrobat Reader versions 2019.010.20098 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2019-7819
CVE-2022-34238Acrobat Reader versions 22.001.20142 (and earlier), 20.005.30334 (and earlier) and 20.005.30334 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34238
CVE-2023-41000GPAC through 2.2.1 has a use-after-free vulnerability in the function gf_bifs_flush_command_list in bifs/memory_decoder.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41000
CVE-2023-40032libvips is a demand-driven, horizontally threaded image processing library. A specially crafted SVG input can cause libvips versions 8.14.3 or earlier to segfault when attempting to parse a malformed UTF-8 character. Users should upgrade to libvips version 8.14.4 (or later) when processing untrusted input.\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40032
CVE-2023-35664In convertSubgraphFromHAL of ShimConverter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35664
CVE-2023-35671In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35671
CVE-2023-35675In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35675
CVE-2023-35677In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35677
CVE-2023-35679In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35679
CVE-2023-35680In multiple locations, there is a possible way to import contacts belonging to other users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35680
CVE-2023-35683In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-35683
CVE-2023-36766Microsoft Excel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36766
CVE-2023-36803Windows Kernel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-36803
CVE-2023-38140Windows Kernel Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38140
CVE-2023-38160Windows TCP/IP Information Disclosure Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38160
CVE-2023-41764Microsoft Office Spoofing Vulnerability5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41764
CVE-2023-40715A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40715
CVE-2023-3280A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to disable the agent.\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-3280
CVE-2023-42503Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0.\n\nUsers are recommended to upgrade to version 1.24.0, which fixes the issue.\n\nA third party can create a malformed TAR file by manipulating file modification times headers, which when parsed with Apache Commons Compress, will cause a denial of service issue via CPU consumption.\n\nIn version 1.22 of Apache Commons Compress, support was added for file modification times with higher precision (issue # COMPRESS-612 [1]). The format for the PAX extended headers carrying this data consists of two numbers separated by a period [2], indicating seconds and subsecond precision (for example “1647221103.5998539”). The impacted fields are “atime”, “ctime”, “mtime” and “LIBARCHIVE.creationtime”. No input validation is performed prior to the parsing of header values.\n\nParsing of these numbers uses the BigDecimal [3] class from the JDK which has a publicly known algorithmic complexity issue when doing operations on large numbers, causing denial of service (see issue # JDK-6560193 [4]). A third party can manipulate file time headers in a TAR file by placing a number with a very long fraction (300,000 digits) or a number with exponent notation (such as “9e9999999”) within a file modification time header, and the parsing of files with these headers will take hours instead of seconds, leading to a denial of service via exhaustion of CPU resources. This issue is similar to CVE-2012-2098 [5].\n\n[1]: https://issues.apache.org/jira/browse/COMPRESS-612 \n[2]: https://pubs.opengroup.org/onlinepubs/9699919799/utilities/pax.html#tag_20_92_13_05 \n[3]: https://docs.oracle.com/javase/8/docs/api/java/math/BigDecimal.html \n[4]: https://bugs.openjdk.org/browse/JDK-6560193 \n[5]: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2098 \n\nOnly applications using CompressorStreamFactory class (with auto-detection of file types), TarArchiveInputStream and TarFile classes to parse TAR files are impacted. Since this code was introduced in v1.22, only that version and later versions are impacted.\n\n5.5https://nvd.nist.gov/vuln/detail/CVE-2023-42503
CVE-2023-38558A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38558
CVE-2023-41010Insecure Permissions vulnerability in Sichuan Tianyi Kanghe Communication Co., Ltd China Telecom Tianyi Home Gateway v.TEWA-700G allows a local attacker to obtain sensitive information via the default password parameter.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41010
CVE-2023-32665A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32665
CVE-2019-14833A flaw was found in Samba, all versions starting samba 4.5.0 before samba 4.9.15, samba 4.10.10, samba 4.11.2, in the way it handles a user password change or a new password for a samba user. The Samba Active Directory Domain Controller can be configured to use a custom script to check for password complexity. This configuration can fail to verify password complexity when non-ASCII characters are used in the password, which could lead to weak passwords being set for samba users, making it vulnerable to dictionary attacks.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-14833
CVE-2019-14902There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-14902
CVE-2022-32746A flaw was found in the Samba AD LDAP server. The AD DC database audit logging module can access LDAP message values freed by a preceding database module, resulting in a use-after-free issue. This issue is only possible when modifying certain privileged attributes, such as userAccountControl.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-32746
CVE-2023-41316Tolgee is an open-source localization platform. Due to lack of validation field - Org Name, bad actor can send emails with HTML injected code to the victims. Registered users can inject HTML into unsanitized emails from the Tolgee instance to other users. This unsanitized HTML ends up in invitation emails which appear as legitimate org invitations. Bad actors may direct users to malicious website or execute javascript in the context of the users browser. This vulnerability has been addressed in version 3.29.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41316
CVE-2023-41161Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the key comment to different pages such as public key details, Export key, sign key, send to key server page, and fetch from key server page tab.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41161
CVE-2023-32332IBM Maximo Application Suite 8.9, 8.10 and IBM Maximo Asset Management 7.6.1.2, 7.6.1.3 are vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. IBM X-Force ID: 255072.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-32332
CVE-2023-41318matrix-media-repo is a highly customizable multi-domain media repository for the Matrix chat ecosystem. In affected versions an attacker could upload a malicious piece of media to the media repo, which would then be served with `Content-Disposition: inline` upon download. This vulnerability could be leveraged to execute scripts embedded in SVG content. Commits `77ec235` and `bf8abdd` fix the issue and are included in the 1.3.0 release. Operators should upgrade to v1.3.0 as soon as possible. Operators unable to upgrade should override the `Content-Disposition` header returned by matrix-media-repo as a workaround.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41318
CVE-2022-22402IBM Aspera Faspex 5.0.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 222571.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-22402
CVE-2023-4838The Simple Download Counter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'before' and 'after'. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4838
CVE-2023-4878Server-Side Request Forgery (SSRF) in GitHub repository instantsoft/icms2 prior to 2.16.1-git.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4878
CVE-2023-40786HKcms v2.3.0.230709 is vulnerable to Cross Site Scripting (XSS) allowing administrator cookies to be stolen.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-40786
CVE-2023-41593Multiple cross-site scripting (XSS) vulnerabilities in Dairy Farm Shop Management System Using PHP and MySQL v1.1 allow attackers to execute arbitrary web scripts and HTML via a crafted payload injected into the Category and Category Field parameters.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41593
CVE-2023-41103Interact 7.9.79.5 allows stored Cross-site Scripting (XSS) attacks in several locations, allowing an attacker to store a JavaScript payload.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41103
CVE-2023-3510The FTP Access WordPress plugin through 1.0 does not have authorisation and CSRF checks when updating its settings and is missing sanitisation as well as escaping in them, allowing any authenticated users, such as subscriber to update them with XSS payloads, which will be triggered when an admin will view the settings of the plugin. The attack could also be perform via CSRF against any authenticated user.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3510
CVE-2023-4840The MapPress Maps for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'mappress' shortcode in versions up to, and including, 2.88.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4840
CVE-2023-4887The Google Maps Plugin by Intergeo for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'intergeo' shortcode in versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4887
CVE-2023-4890The JQuery Accordion Menu Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcwp-jquery-accordion' shortcode in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4890
CVE-2023-4893The Crayon Syntax Highlighter plugin for WordPress is vulnerable to Server Side Request Forgery via the 'crayon' shortcode in versions up to, and including, 2.8.4. This can allow authenticated attackers with contributor-level permissions or above to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4893
CVE-2023-40624SAP NetWeaver AS ABAP (applications based on Unified Rendering) - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 702, SAP_BASIS 731, allows an attacker to inject JavaScript code that can be executed in the web-application. An attacker could thereby control the behavior of this web-application.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-40624
CVE-2023-40625S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization checks for an authenticated user. This could allow an attacker to perform unintended actions resulting in escalation of privileges which has low impact on confidentiality and integrity with no impact on availibility of the system.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-40625
CVE-2023-37875Improper encoding or escaping of output in Wing FTP Server (User Web Client) allows Cross-Site Scripting (XSS).This issue affects Wing FTP Server: <= 7.2.0.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37875
CVE-2023-0119A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-0119
CVE-2023-29463\nThe JMX Console within the Rockwell Automation Pavilion8 is exposed to application users and does not require authentication. If exploited, a malicious user could potentially retrieve other application users’ session data and or log users out of their session.\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29463
CVE-2023-36800Dynamics Finance and Operations Cross-site Scripting Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36800
CVE-2023-36886Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-36886
CVE-2023-38164Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38164
CVE-2023-30962The Gotham Cerberus service was found to have a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Gotham to launch attacks against other users. This vulnerability is resolved in Cerberus 100.230704.0-27-g031dd58 .5.4https://nvd.nist.gov/vuln/detail/CVE-2023-30962
CVE-2023-21523\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA Stored Cross-site Scripting (XSS) vulnerability in the Management Console (User Management and Alerts) of BlackBerry AtHoc version 7.15 could allow an attacker to execute script commands in the context of the affected user account.\n\n\n\n\n\n\n\n5.4https://nvd.nist.gov/vuln/detail/CVE-2023-21523
CVE-2023-41423Cross Site Scripting vulnerability in WP Githuber MD plugin v.1.16.2 allows a remote attacker to execute arbitrary code via a crafted payload to the new article function.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41423
CVE-2023-29183An improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability [CWE-79] in FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 and FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14 GUI may allow an authenticated attacker to trigger malicious JavaScript code execution via crafted guest management setting.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-29183
CVE-2023-38214Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38214
CVE-2023-38215Adobe Experience Manager versions 6.5.17 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-38215
CVE-2023-3588A stored Cross-site Scripting (XSS) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-3588
CVE-2023-41152A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the handle program field while creating a new MIME type program.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41152
CVE-2023-41154A Stored Cross-Site Scripting (XSS) vulnerability in the scheduled cron jobs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the value field parameter while creating a new environment variable.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41154
CVE-2023-41155A Stored Cross-Site Scripting (XSS) vulnerability in the mail forwarding and replies tab in Webmin and Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the forward to field while creating a mail forwarding rule.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41155
CVE-2023-41158A Stored Cross-Site Scripting (XSS) vulnerability in the MIME type programs tab in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML via the description field while creating a new MIME type program.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41158
CVE-2023-4841The Feeds for YouTube for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube-feed' shortcode in versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4841
CVE-2023-4944The Awesome Weather Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'awesome-weather' shortcode in versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4944
CVE-2023-4945The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes in versions up to, and including, 7.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4945
CVE-2023-41156A Stored Cross-Site Scripting (XSS) vulnerability in the filter and forward mail tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the save to new folder named field while creating a new filter.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41156
CVE-2023-41159A Stored Cross-Site Scripting (XSS) vulnerability while editing the autoreply file page in Usermin 2.000 allows remote attackers to inject arbitrary web script or HTML by editing the forward file manually.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41159
CVE-2023-41160A Stored Cross-Site Scripting (XSS) vulnerability in the SSH configuration tab in Usermin 2.001 allows remote attackers to inject arbitrary web script or HTML via the key name field while adding an authorized key.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41160
CVE-2023-42362An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-42362
CVE-2023-41592Froala Editor v4.0.1 to v4.1.1 was discovered to contain a cross-site scripting (XSS) vulnerability.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-41592
CVE-2023-4963The WS Facebook Like Box Widget for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'ws-facebook-likebox' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-4963
CVE-2023-37611Cross Site Scripting (XSS) vulnerability in Neos CMS 8.3.3 allows a remote authenticated attacker to execute arbitrary code via a crafted SVG file to the neos/management/media component.5.4https://nvd.nist.gov/vuln/detail/CVE-2023-37611
CVE-2022-41717An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-41717
CVE-2022-3192Improper Input Validation vulnerability in ABB AC500 V2 PM5xx allows Client-Server Protocol Manipulation.This issue affects AC500 V2: from 2.0.0 before 2.8.6.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2022-3192
CVE-2023-21939Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Swing). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).5.3https://nvd.nist.gov/vuln/detail/CVE-2023-21939
CVE-2023-32003`fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory.\n\nThis vulnerability affects all users using the experimental permission model in Node.js 20.\n\nPlease note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-32003
CVE-2023-36674An issue was discovered in MediaWiki before 1.35.11, 1.36.x through 1.38.x before 1.38.7, 1.39.x before 1.39.4, and 1.40.x before 1.40.1. It is possible to bypass the Bad image list (aka badFile) by using the thumb parameter (aka Manualthumb) of the File syntax.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36674
CVE-2023-40587Pyramid is an open source Python web framework. A path traversal vulnerability in Pyramid versions 2.0.0 and 2.0.1 impacts users of Python 3.11 that are using a Pyramid static view with a full filesystem path and have a `index.html` file that is located exactly one directory above the location of the static view's file system path. No further path traversal exists, and the only file that could be disclosed accidentally is `index.html`. Pyramid version 2.0.2 rejects any path that contains a null-byte out of caution. While valid in directory/file names, we would strongly consider it a mistake to use null-bytes in naming files/directories. Secondly, Python 3.11, and 3.12 has fixed the underlying issue in `os.path.normpath` to no longer truncate on the first `0x00` found, returning the behavior to pre-3.11 Python, un an as of yet unreleased version. Fixes will be available in:Python 3.12.0rc2 and 3.11.5. Some workarounds are available. Use a version of Python 3 that is not affected, downgrade to Python 3.10 series temporarily, or wait until Python 3.11.5 is released and upgrade to the latest version of Python 3.11 series.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-40587
CVE-2023-20897Salt masters prior to 3005.2 or 3006.2 contain a DOS in minion return. After receiving several bad packets on the request server equal to the number of worker threads, the master will become unresponsive to return requests until restarted.\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-20897
CVE-2023-37367An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37367
CVE-2023-34041Cloud foundry routing release versions prior to 0.278.0 are vulnerable to abuse of HTTP Hop-by-Hop Headers. An unauthenticated attacker can use this vulnerability for headers like B3 or X-B3-SpanID to affect the identification value recorded in the logs in foundations.\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-34041
CVE-2022-22409IBM Aspera Faspex 5.0.5 could allow a remote attacker to gather sensitive information about the web application, caused by an insecure configuration. IBM X-Force ID: 222592.5.3https://nvd.nist.gov/vuln/detail/CVE-2022-22409
CVE-2023-40040An issue was discovered in the MyCrops HiGrade "THC Testing & Cannabi" application 1.0.337 for Android. A remote attacker can start the camera feed via the com.cordovaplugincamerapreview.CameraActivity component in some situations. NOTE: this is only exploitable on Android versions that lack runtime permission checks, and of those only Android SDK 5.1.1 API 22 is consistent with the manifest. Thus, this applies only to Android Lollipop, affecting less than five percent of Android devices as of 2023.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-40040
CVE-2023-36980An issue in Ethereum Blockchain v0.1.1+commit.6ff4cd6 cause the balance to be zeroed out when the value of betsize+casino.balance exceeds the threshold.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36980
CVE-2023-37489Due to the lack of validation, SAP BusinessObjects Business Intelligence Platform (Version Management System) - version 403, permits an unauthenticated user to read the code snippet through the UI, which leads to low impact on confidentiality and no impact on the application's availability or integrity.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37489
CVE-2023-41367Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-41367
CVE-2023-41368The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107, allows an attacker to change the checkbook name by simulating an update OData call.\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-41368
CVE-2023-36761Microsoft Word Information Disclosure Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36761
CVE-2023-36801DHCP Server Service Information Disclosure Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36801
CVE-2023-38152DHCP Server Service Information Disclosure Vulnerability5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38152
CVE-2023-21520\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nA PII Enumeration via Credential Recovery in the Self Service (Credential Recovery) of BlackBerry AtHoc version 7.15 could allow an attacker to potentially associate a list of contact details with an AtHoc IWS organization.\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-21520
CVE-2023-41885Piccolo is an ORM and query builder which supports asyncio. In versions 0.120.0 and prior, the implementation of `BaseUser.login` leaks enough information to a malicious user such that they would be able to successfully generate a list of valid users on the platform. As Piccolo on its own does not also enforce strong passwords, these lists of valid accounts are likely to be used in a password spray attack with the outcome being attempted takeover of user accounts on the platform. The impact of this vulnerability is minor as it requires chaining with other attack vectors in order to gain more then simply a list of valid users on the underlying platform. The likelihood of this vulnerability is possible as it requires minimal skills to pull off, especially given the underlying login functionality for Piccolo based sites is open source. This issue has been patched in version 0.121.0.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-41885
CVE-2023-4915The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function (in the WP User Control Widget). The function changes the user's password after providing the email. The new password is only sent to the user's email, so the attacker does not have access to the new password.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-4915
CVE-2021-44172An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClientEMS versions 7.0.0 through 7.0.4, 7.0.6 through 7.0.7, in all 6.4 and 6.2 version management interface may allow an unauthenticated attacker to gain information on environment variables such as the EMS installation path.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-44172
CVE-2023-27998A lack of custom error pages vulnerability [CWE-756] in FortiPresence versions 1.2.0 through 1.2.1 and all versions of 1.1 and 1.0 may allow an unauthenticated attacker with the ability to navigate to the login GUI to gain sensitive information via navigating to specific HTTP(s) paths.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-27998
CVE-2023-36551A exposure of sensitive information to an unauthorized actor in Fortinet FortiSIEM version 6.7.0 through 6.7.5 allows attacker to information disclosure via a crafted http request.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36551
CVE-2023-20190A vulnerability in the classic access control list (ACL) compression feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device.\r\n\r This vulnerability is due to incorrect destination address range encoding in the compression module of an ACL that is applied to an interface of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting.\r\n\r There are workarounds that address this vulnerability.\r\n\r \r\n\r \r This advisory is part of the September 2023 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see Cisco Event Response: September 2023 Semiannual Cisco IOS XR Software Security Advisory Bundled Publication .5.3https://nvd.nist.gov/vuln/detail/CVE-2023-20190
CVE-2023-42468The com.cutestudio.colordialer application through 2.1.8-2 for Android allows a remote attacker to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (without any permissions) can craft an intent targeting com.cutestudio.dialer.activities.DialerActivity via the android.intent.action.CALL action in conjunction with a tel: URI, thereby placing a phone call.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-42468
CVE-2023-38206Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-38206
CVE-2023-37281Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when processing the various IPv6 header fields during IPHC header decompression, Contiki-NG confirms the received packet buffer contains enough data as needed for that field. But no similar check is done before decompressing the IPv6 address. Therefore, up to 16 bytes can be read out of bounds on the line with the statement `memcpy(&ipaddr->u8[16 - postcount], iphc_ptr, postcount);`. The value of `postcount` depends on the address compression used in the received packet and can be controlled by the attacker. As a result, an attacker can inject a packet that causes an out-of-bound read. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2509 to patch the system.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37281
CVE-2023-37459Contiki-NG is an operating system for internet-of-things devices. In versions 4.9 and prior, when a packet is received, the Contiki-NG network stack attempts to start the periodic TCP timer if it is a TCP packet with the SYN flag set. But the implementation does not first verify that a full TCP header has been received. Specifically, the implementation attempts to access the flags field from the TCP buffer in the following conditional expression in the `check_for_tcp_syn` function. For this reason, an attacker can inject a truncated TCP packet, which will lead to an out-of-bound read from the packet buffer. As of time of publication, a patched version is not available. As a workaround, one can apply the changes in Contiki-NG pull request #2510 to patch the system.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-37459
CVE-2023-40788SpringBlade <=V3.6.0 is vulnerable to Incorrect Access Control due to incorrect configuration in the default gateway resulting in unauthorized access to error logs5.3https://nvd.nist.gov/vuln/detail/CVE-2023-40788
CVE-2023-41599An issue in the component /common/DownController.java of JFinalCMS v5.0.0 allows attackers to execute a directory traversal.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-41599
CVE-2023-22041Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).5.1https://nvd.nist.gov/vuln/detail/CVE-2023-22041
CVE-2019-14847A flaw was found in samba 4.0.0 before samba 4.9.15 and samba 4.10.x before 4.10.10. An attacker can crash AD DC LDAP server via dirsync resulting in denial of service. Privilege escalation is not possible with this issue.4.9https://nvd.nist.gov/vuln/detail/CVE-2019-14847
CVE-2023-21911Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21911
CVE-2023-21919Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21919
CVE-2023-21920Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21920
CVE-2023-21933Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21933
CVE-2023-21935Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21935
CVE-2023-21945Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21945
CVE-2023-21953Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21953
CVE-2023-21955Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21955
CVE-2023-21962Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-21962
CVE-2023-22008Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22008
CVE-2023-22046Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22046
CVE-2023-22054Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22054
CVE-2023-22056Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22056
CVE-2023-22057Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.9https://nvd.nist.gov/vuln/detail/CVE-2023-22057
CVE-2023-3814The Advanced File Manager WordPress plugin before 5.1.1 does not adequately authorize its usage on multisite installations, allowing site admin users to list and read arbitrary files and folders on the server.4.9https://nvd.nist.gov/vuln/detail/CVE-2023-3814
CVE-2023-4879Cross-site Scripting (XSS) - Stored in GitHub repository instantsoft/icms2 prior to 2.16.1.-git.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4879
CVE-2023-3170The tagDiv Composer WordPress plugin before 4.2, used as a companion by the Newspaper and Newsmag themes from tagDiv, does not validate and escape some settings, which could allow users with Admin privileges to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-3170
CVE-2023-4022The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4022
CVE-2023-4060The WP Adminify WordPress plugin before 3.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4060
CVE-2023-4039\n\nA failure in the -fstack-protector feature in GCC-based toolchains \nthat target AArch64 allows an attacker to exploit an existing buffer \noverflow in dynamically-sized local variables in your application \nwithout this being detected. This stack-protector failure only applies \nto C99-style dynamically-sized local variables or those created using \nalloca(). The stack-protector operates as intended for statically-sized \nlocal variables.\n\nThe default behavior when the stack-protector \ndetects an overflow is to terminate your application, resulting in \ncontrolled loss of availability. An attacker who can exploit a buffer \noverflow without triggering the stack-protector might be able to change \nprogram flow control to cause an uncontrolled loss of availability or to\n go further and affect confidentiality or integrity.\n\n\n\n\n\n4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4039
CVE-2023-4802A reflected cross-site scripting vulnerability in the UpdateInstalledSoftware endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4802
CVE-2023-4803A reflected cross-site scripting vulnerability in the WriteWindowTitle endpoint of the Insider Threat Management (ITM) Server's web console could be used by an authenticated administrator to run arbitrary javascript within another web console administrator's browser. All versions prior to 7.14.3.69 are affected.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4803
CVE-2023-4951A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2.\n\n\n4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4951
CVE-2023-4965A vulnerability was found in phpipam 1.5.1. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Header Handler. The manipulation of the argument X-Forwarded-Host leads to open redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239732.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-4965
CVE-2023-41626Gradio v3.27.0 was discovered to contain an arbitrary file upload vulnerability via the /upload interface.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-41626
CVE-2023-20569\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n4.7https://nvd.nist.gov/vuln/detail/CVE-2023-20569
CVE-2023-22276Race condition in firmware for some Intel(R) Ethernet Controllers and Adapters E810 Series before version 1.7.2.4 may allow an authenticated user to potentially enable denial of service via local access.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-22276
CVE-2023-36811borgbackup is an opensource, deduplicating archiver with compression and authenticated encryption. A flaw in the cryptographic authentication scheme in borgbackup allowed an attacker to fake archives and potentially indirectly cause backup data loss in the repository. The attack requires an attacker to be able to: 1. insert files (with no additional headers) into backups and 2. gain write access to the repository. This vulnerability does not disclose plaintext to the attacker, nor does it affect the authenticity of existing archives. Creating plausible fake archives may be feasible for empty or small archives, but is unlikely for large archives. The issue has been fixed in borgbackup 1.2.5. Users are advised to upgrade. Additionally to installing the fixed code, users must follow the upgrade procedure as documented in the change log. Data loss after being attacked can be avoided by reviewing the archives (timestamp and contents valid and as expected) after any "borg check --repair" and before "borg prune". There are no known workarounds for this vulnerability.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-36811
CVE-2023-35845Anaconda 3 2023.03-1-Linux allows local users to disrupt TLS certificate validation by modifying the cacert.pem file used by the installed pip program. This occurs because many files are installed as world-writable on Linux, ignoring umask, even when these files are installed as root. Miniconda is also affected.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-35845
CVE-2023-39075Renault Zoe EV 2021 automotive infotainment system versions 283C35202R to 283C35519R (builds 11.10.2021 to 16.01.2023) allows attackers to crash the infotainment system by sending arbitrary USB data via a USB device.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-39075
CVE-2023-39076Injecting random data into the USB memory area on a General Motors (GM) Chevrolet Equinox 2021 Software. 2021.03.26 (build version) vehicle causes a Denial of Service (DoS) in the in-car infotainment system.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-39076
CVE-2023-34469\nAMI AptioV contains a vulnerability in BIOS where an Attacker may use an improper access control via the physical network. A successful exploit of this vulnerability may lead to a loss of confidentiality. 4.6https://nvd.nist.gov/vuln/detail/CVE-2023-34469
CVE-2021-3695A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12.4.5https://nvd.nist.gov/vuln/detail/CVE-2021-3695
CVE-2021-3696A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it's very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12.4.5https://nvd.nist.gov/vuln/detail/CVE-2021-3696
CVE-2023-21940Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-21940
CVE-2023-21947Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.32 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-21947
CVE-2023-22005Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22005
CVE-2023-22033Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22033
CVE-2023-22058Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-22058
CVE-2022-27599An insertion of sensitive information into Log file vulnerability has been reported to affect product. If exploited, the vulnerability possibly provides local authenticated administrators with an additional, less-protected path to acquiring the information via unspecified vectors.\n\nWe have already fixed the vulnerability in the following version:\nWindows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Pro Client 2.3.0.0420 and later\n4.4https://nvd.nist.gov/vuln/detail/CVE-2022-27599
CVE-2023-36736Microsoft Identity Linux Broker Remote Code Execution Vulnerability4.4https://nvd.nist.gov/vuln/detail/CVE-2023-36736
CVE-2021-44141All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink to determine if a file or directory exists in an area of the server file system not exported under the share definition. SMB1 with unix extensions has to be enabled in order for this attack to succeed.4.3https://nvd.nist.gov/vuln/detail/CVE-2021-44141
CVE-2022-32742A flaw was found in Samba. Some SMB1 write requests were not correctly range-checked to ensure the client had sent enough data to fulfill the write, allowing server memory contents to be written into the file (or printer) instead of client-supplied data. The client cannot control the area of the server memory written to the file (or printer).4.3https://nvd.nist.gov/vuln/detail/CVE-2022-32742
CVE-2023-0225A flaw was found in Samba. An incomplete access check on dnsHostName allows authenticated but otherwise unprivileged users to delete this attribute from any object in the directory.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-0225
CVE-2023-32323Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. A malicious user on a Synapse homeserver X with permission to create certain state events can disable outbound federation from X to an arbitrary homeserver Y. Synapse instances with federation disabled are not affected. In versions of Synapse up to and including 1.73, Synapse did not limit the size of `invite_room_state`, meaning that it was possible to create an arbitrarily large invite event. Synapse 1.74 refuses to create oversized `invite_room_state` fields. Server operators should upgrade to Synapse 1.74 or newer urgently.\n\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-32323
CVE-2023-3622\n Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3622
CVE-2023-39418A vulnerability was found in PostgreSQL with the use of the MERGE command, which fails to test new rows against row security policies defined for UPDATE and SELECT. If UPDATE and SELECT policies forbid some rows that INSERT policies do not forbid, a user could store such rows.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-39418
CVE-2023-4269The User Activity Log WordPress plugin before 1.6.6 lacks proper authorisation when exporting its activity logs, allowing any authenticated users, such as subscriber to perform such action and retrieve PII such as email addresses.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4269
CVE-2023-4777\nAn incorrect permission check in Qualys Container Scanning Connector Plugin 1.6.2.6 and earlier allows attackers with global Item/Configure permission (while lacking Item/Configure permission on any particular job) to enumerate credentials IDs of credentials stored in Jenkins and to connect to an attacker-specified URL using attacker-specified credentials IDs, capturing credentials stored in Jenkins. \n\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4777
CVE-2023-4581Excel `.xll` add-in files did not have a blocklist entry in Firefox's executable blocklist which allowed them to be downloaded without any warning of their potential harm. This vulnerability affects Firefox < 117, Firefox ESR < 102.15, Firefox ESR < 115.2, Thunderbird < 102.15, and Thunderbird < 115.2.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4581
CVE-2023-4630An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4630
CVE-2023-4307The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4307
CVE-2023-4318The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4318
CVE-2023-41369The Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, 107, 108, allows an attacker to upload the XML file as an attachment. When clicked on the XML file in the attachment section, the file gets opened in the browser to cause the entity loops to slow down the browser.\n\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-41369
CVE-2023-40611Apache Airflow, versions before 2.7.1, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. This could have them alter details such as configuration parameters, start date, etc.\n\nUsers should upgrade to version 2.7.1 or later which has removed the vulnerability.\n4.3https://nvd.nist.gov/vuln/detail/CVE-2023-40611
CVE-2023-36767Microsoft Office Security Feature Bypass Vulnerability4.3https://nvd.nist.gov/vuln/detail/CVE-2023-36767
CVE-2023-4900Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4900
CVE-2023-4901Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4901
CVE-2023-4902Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4902
CVE-2023-4903Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4903
CVE-2023-4904Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4904
CVE-2023-4905Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4905
CVE-2023-4906Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4906
CVE-2023-4907Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4907
CVE-2023-4908Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4908
CVE-2023-4909Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low)4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4909
CVE-2023-36638An improper privilege management vulnerability [CWE-269] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions API may allow a remote and authenticated API admin user to access some system settings such as the mail server settings through the API via a stolen GUI session ID.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-36638
CVE-2023-4948The WooCommerce CVR Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the refresh_order_cvr_data AJAX action in versions up to 6.1.0. This makes it possible for authenticated attackers with contributor-level access and above, to update CVR numbers for orders.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4948
CVE-2023-39285A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 SP3 (22.24.5800.0) could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-39285
CVE-2023-39286A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-39286
CVE-2023-4828An improper check for an exceptional condition in the Insider Threat Management (ITM) Server could be used by an attacker to change the configuration of any already-registered agent so that all future agent communications are sent to an attacker-chosen URL. An attacker must first successfully obtain valid agent credentials and target agent hostname. All versions prior to 7.14.3.69 are affected.4.2https://nvd.nist.gov/vuln/detail/CVE-2023-4828
CVE-2023-40725A vulnerability has been identified in QMS Automotive (All versions < V12.39). The affected application returns inconsistent error messages in response to invalid user credentials during login session. This allows an attacker to enumerate usernames, and identify valid usernames.4https://nvd.nist.gov/vuln/detail/CVE-2023-40725
CVE-2023-20867A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.3.9https://nvd.nist.gov/vuln/detail/CVE-2023-20867
CVE-2023-40732A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks.3.9https://nvd.nist.gov/vuln/detail/CVE-2023-40732
CVE-2023-21937Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-21937
CVE-2023-21938Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-21938
CVE-2023-21968Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-21968
CVE-2023-22036Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Utility). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22036
CVE-2023-22045Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22045
CVE-2023-22049Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u371, 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).3.7https://nvd.nist.gov/vuln/detail/CVE-2023-22049
CVE-2023-33229The SolarWinds Platform was susceptible to the Incorrect Input Neutralization Vulnerability. This vulnerability allows a remote adversary with a valid SolarWinds Platform account to append URL parameters to inject passive HTML.3.5https://nvd.nist.gov/vuln/detail/CVE-2023-33229
CVE-2020-14354A possible use-after-free and double-free in c-ares lib version 1.16.0 if ares_destroy() is called prior to ares_getaddrinfo() completing. This flaw possibly allows an attacker to crash the service that uses c-ares lib. The highest threat from this vulnerability is to this service availability.3.3https://nvd.nist.gov/vuln/detail/CVE-2020-14354
CVE-2023-41053Redis is an in-memory database that persists on disk. Redis does not correctly identify keys accessed by `SORT_RO` and as a result may grant users executing this command access to keys that are not explicitly authorized by the ACL configuration. The problem exists in Redis 7.0 or newer and has been fixed in Redis 7.0.13 and 7.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-41053
CVE-2023-40442A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 15.7.8 and iPadOS 15.7.8, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. An app may be able to read sensitive location information.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40442
CVE-2023-40218An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. An integer overflow can bypass detection of error cases via a crafted application.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40218
CVE-2023-42469The com.full.dialer.top.secure.encrypted application through 1.0.1 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.full.dialer.top.secure.encrypted.activities.DialerActivity component.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-42469
CVE-2020-36766An issue was discovered in the Linux kernel before 5.8.6. drivers/media/cec/core/cec-api.c leaks one byte of kernel memory on specific hardware to unprivileged users, because of directly assigning log_addrs with a hole in the struct.3.3https://nvd.nist.gov/vuln/detail/CVE-2020-36766
CVE-2023-22006Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition: 20.3.10, 21.3.6, 22.3.2; Oracle GraalVM for JDK: 17.0.7 and 20.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition, Oracle GraalVM for JDK accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22006
CVE-2023-22048Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).3.1https://nvd.nist.gov/vuln/detail/CVE-2023-22048
CVE-2023-4579Search queries in the default search engine could appear to have been the currently navigated URL if the search query itself was a well formed URL. This could have led to a site spoofing another if it had been maliciously set as the default search engine. This vulnerability affects Firefox < 117.3.1https://nvd.nist.gov/vuln/detail/CVE-2023-4579
CVE-2023-22038Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.33 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).2.7https://nvd.nist.gov/vuln/detail/CVE-2023-22038
CVE-2007-4559Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.https://nvd.nist.gov/vuln/detail/CVE-2007-4559
CVE-2012-2098Algorithmic complexity vulnerability in the sorting algorithms in bzip2 compressing stream (BZip2CompressorOutputStream) in Apache Commons Compress before 1.4.1 allows remote attackers to cause a denial of service (CPU consumption) via a file with many repeating inputs.https://nvd.nist.gov/vuln/detail/CVE-2012-2098
CVE-2013-6370Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2013-6370
CVE-2013-6371The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.https://nvd.nist.gov/vuln/detail/CVE-2013-6371
CVE-2023-4516\nA CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update\nService that could allow a local attacker to change update source, potentially leading to remote\ncode execution when the attacker force an update containing malicious content.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-4516
CVE-2023-2848Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation.https://nvd.nist.gov/vuln/detail/CVE-2023-2848
CVE-2021-28485In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application.https://nvd.nist.gov/vuln/detail/CVE-2021-28485
CVE-2023-1108A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates.https://nvd.nist.gov/vuln/detail/CVE-2023-1108
CVE-2023-32611A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-32611
CVE-2023-32643A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665.https://nvd.nist.gov/vuln/detail/CVE-2023-32643
CVE-2023-25584An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils.https://nvd.nist.gov/vuln/detail/CVE-2023-25584
CVE-2023-25585A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-25585
CVE-2023-25586A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-25586
CVE-2023-25588A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-25588
CVE-2023-37756I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack.https://nvd.nist.gov/vuln/detail/CVE-2023-37756
CVE-2023-39638D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin.https://nvd.nist.gov/vuln/detail/CVE-2023-39638
CVE-2023-40869Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions.https://nvd.nist.gov/vuln/detail/CVE-2023-40869
CVE-2023-38891SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php.https://nvd.nist.gov/vuln/detail/CVE-2023-38891
CVE-2023-39641Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent().https://nvd.nist.gov/vuln/detail/CVE-2023-39641
CVE-2023-4680HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11.https://nvd.nist.gov/vuln/detail/CVE-2023-4680
CVE-2023-39643Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds().https://nvd.nist.gov/vuln/detail/CVE-2023-39643
CVE-2023-40984A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file.https://nvd.nist.gov/vuln/detail/CVE-2023-40984
CVE-2023-40985An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced.https://nvd.nist.gov/vuln/detail/CVE-2023-40985
CVE-2023-40986A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field.https://nvd.nist.gov/vuln/detail/CVE-2023-40986
CVE-2023-4977Code Injection in GitHub repository librenms/librenms prior to 23.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4977
CVE-2023-4978Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4978
CVE-2023-4979Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4979
CVE-2023-4980Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4980
CVE-2023-4981Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4981
CVE-2023-4982Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0.https://nvd.nist.gov/vuln/detail/CVE-2023-4982
CVE-2023-4973A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-4973
CVE-2022-20917A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.\r\n This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions.https://nvd.nist.gov/vuln/detail/CVE-2022-20917
CVE-2023-3891Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the systemhttps://nvd.nist.gov/vuln/detail/CVE-2023-3891
CVE-2023-40982A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-40982
CVE-2023-4974A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-4974
CVE-2023-38039When curl retrieves an HTTP response, it stores the incoming headers so that\nthey can be accessed later via the libcurl headers API.\n\nHowever, curl did not have a limit in how many or how large headers it would\naccept in a response, allowing a malicious server to stream an endless series\nof headers and eventually cause curl to run out of heap memory.https://nvd.nist.gov/vuln/detail/CVE-2023-38039
CVE-2023-32461\nDell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges.  \n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32461
CVE-2023-4959A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges).https://nvd.nist.gov/vuln/detail/CVE-2023-4959
CVE-2022-3466The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652.https://nvd.nist.gov/vuln/detail/CVE-2022-3466
CVE-2023-42270Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF).https://nvd.nist.gov/vuln/detail/CVE-2023-42270
CVE-2023-4985A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239796. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-4985
CVE-2023-4986A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-4986
CVE-2022-47848An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service.https://nvd.nist.gov/vuln/detail/CVE-2022-47848
CVE-2023-4988A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799.https://nvd.nist.gov/vuln/detail/CVE-2023-4988
CVE-2023-4991A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-4991
CVE-2023-28614Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page.https://nvd.nist.gov/vuln/detail/CVE-2023-28614
CVE-2023-42398An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php.https://nvd.nist.gov/vuln/detail/CVE-2023-42398
CVE-2023-36472Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7.https://nvd.nist.gov/vuln/detail/CVE-2023-36472
CVE-2023-36479Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-36479
CVE-2023-37263Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-37263
CVE-2023-38507Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-38507
CVE-2023-38706Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-38706
CVE-2023-40018FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-40018
CVE-2023-40019FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-40019
CVE-2023-40167Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.https://nvd.nist.gov/vuln/detail/CVE-2023-40167
CVE-2023-40588Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-40588
CVE-2023-41042Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-41042
CVE-2023-41043Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted.https://nvd.nist.gov/vuln/detail/CVE-2023-41043
CVE-2023-41325OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available.https://nvd.nist.gov/vuln/detail/CVE-2023-41325
CVE-2023-41880Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result.\n\nThis issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless.\n\nThis issue was discovered through fuzzing of Wasmtime's code generator Cranelift.\n\nWasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-41880
CVE-2022-3261A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem.https://nvd.nist.gov/vuln/detail/CVE-2022-3261
CVE-2023-0813A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication.https://nvd.nist.gov/vuln/detail/CVE-2023-0813
CVE-2023-0923A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues.https://nvd.nist.gov/vuln/detail/CVE-2023-0923
CVE-2023-41886OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-41886
CVE-2023-41887OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-41887
CVE-2023-41889SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41889
CVE-2023-41900Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-41900
CVE-2023-42439GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. As of time of publication, no patched version is available.https://nvd.nist.gov/vuln/detail/CVE-2023-42439
CVE-2023-42442JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`).\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-42442
CVE-2023-36160An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console.https://nvd.nist.gov/vuln/detail/CVE-2023-36160
CVE-2023-41436Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component.https://nvd.nist.gov/vuln/detail/CVE-2023-41436
CVE-2023-39612A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL.https://nvd.nist.gov/vuln/detail/CVE-2023-39612
CVE-2023-39777A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-39777
CVE-2023-42336An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component.https://nvd.nist.gov/vuln/detail/CVE-2023-42336
CVE-2023-41157Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab.https://nvd.nist.gov/vuln/detail/CVE-2023-41157
CVE-2023-5012A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\\Program Files\\Topaz OFD\\Warsaw\\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-239853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5012
CVE-2023-5013A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-239854 is the identifier assigned to this vulnerabilityhttps://nvd.nist.gov/vuln/detail/CVE-2023-5013
CVE-2023-5014A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239855.https://nvd.nist.gov/vuln/detail/CVE-2023-5014
CVE-2023-5015A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239856.https://nvd.nist.gov/vuln/detail/CVE-2023-5015
CVE-2023-5016A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5016
CVE-2023-5017A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5017
CVE-2023-5018A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859.https://nvd.nist.gov/vuln/detail/CVE-2023-5018
CVE-2023-5019A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860.https://nvd.nist.gov/vuln/detail/CVE-2023-5019
CVE-2023-38040A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions..https://nvd.nist.gov/vuln/detail/CVE-2023-38040
CVE-2023-5020A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239861 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5020
CVE-2023-5021A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5021
CVE-2023-5022A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863.https://nvd.nist.gov/vuln/detail/CVE-2023-5022
CVE-2023-5023A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864.https://nvd.nist.gov/vuln/detail/CVE-2023-5023
CVE-2023-5024A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5024
CVE-2023-5025A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5025
CVE-2023-5026A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868.https://nvd.nist.gov/vuln/detail/CVE-2023-5026
CVE-2023-5028A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5028
CVE-2023-5027A vulnerability classified as critical was found in SourceCodester Simple Membership System 1.0. Affected by this vulnerability is an unknown functionality of the file club_validator.php. The manipulation of the argument club leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239869 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5027
CVE-2023-5029A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871.https://nvd.nist.gov/vuln/detail/CVE-2023-5029
CVE-2023-5030A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872.https://nvd.nist.gov/vuln/detail/CVE-2023-5030
CVE-2023-42520Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42520
CVE-2023-42526Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42526
CVE-2023-42521Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42521
CVE-2023-42522Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42522
CVE-2023-42523Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42523
CVE-2023-42524Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42524
CVE-2023-42525Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1.https://nvd.nist.gov/vuln/detail/CVE-2023-42525
CVE-2023-43114An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks.https://nvd.nist.gov/vuln/detail/CVE-2023-43114
CVE-2023-43115In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server).https://nvd.nist.gov/vuln/detail/CVE-2023-43115
CVE-2023-41929A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)https://nvd.nist.gov/vuln/detail/CVE-2023-41929
CVE-2023-32187An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service.\nThis issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32187
CVE-2023-34195An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set.https://nvd.nist.gov/vuln/detail/CVE-2023-34195
CVE-2023-42371Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component.https://nvd.nist.gov/vuln/detail/CVE-2023-42371
CVE-2023-42387An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php.https://nvd.nist.gov/vuln/detail/CVE-2023-42387
CVE-2023-41595An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password.https://nvd.nist.gov/vuln/detail/CVE-2023-41595
CVE-2023-42320Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function.https://nvd.nist.gov/vuln/detail/CVE-2023-42320
CVE-2023-42328An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie.https://nvd.nist.gov/vuln/detail/CVE-2023-42328
CVE-2023-4527A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash.https://nvd.nist.gov/vuln/detail/CVE-2023-4527
CVE-2023-4806A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.https://nvd.nist.gov/vuln/detail/CVE-2023-4806
CVE-2023-41030Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user.https://nvd.nist.gov/vuln/detail/CVE-2023-41030
CVE-2023-39043An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.https://nvd.nist.gov/vuln/detail/CVE-2023-39043
CVE-2023-39058An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages.https://nvd.nist.gov/vuln/detail/CVE-2023-39058
CVE-2023-42441Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string.https://nvd.nist.gov/vuln/detail/CVE-2023-42441
CVE-2023-42443Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode.\n\nEach builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory.\n\nAs of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin.https://nvd.nist.gov/vuln/detail/CVE-2023-42443
CVE-2023-39046An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages.https://nvd.nist.gov/vuln/detail/CVE-2023-39046
CVE-2023-41443SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list.https://nvd.nist.gov/vuln/detail/CVE-2023-41443
CVE-2023-42446Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated.https://nvd.nist.gov/vuln/detail/CVE-2023-42446
CVE-2023-42454SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the `sqlpage/sqlpage.json` configuration file (not in an environment variable), with the web_root is the current working directory (the default), and with their database exposed publicly, is vulnerable to an attacker retrieving database connection information from SQLPage and using it to connect to their database directly. Version 0.11.0 fixes this issue. Some workarounds are available. Using an environment variable instead of the configuration file to specify the database connection string prevents exposing it on vulnerable versions. Using a different web root (that is not a parent of the SQLPage configuration directory) fixes the issue. One should also avoid exposing one's database publicly.https://nvd.nist.gov/vuln/detail/CVE-2023-42454
CVE-2021-26837SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2021-26837
CVE-2023-42399Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component.https://nvd.nist.gov/vuln/detail/CVE-2023-42399
CVE-2023-26143Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options.https://nvd.nist.gov/vuln/detail/CVE-2023-26143
CVE-2023-5009An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.https://nvd.nist.gov/vuln/detail/CVE-2023-5009
CVE-2023-41387A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device.https://nvd.nist.gov/vuln/detail/CVE-2023-41387
CVE-2023-0773The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device.\n\nSuccessful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device.\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-0773
CVE-2023-32184A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen\nThis issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32184
CVE-2023-32186A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service.\nThis issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32186
CVE-2023-29245A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets.\n\nMalicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-29245
CVE-2023-2567A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application.\nAuthenticated users can extract arbitrary information from the DBMS in an uncontrolled way.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-2567
CVE-2023-32649A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets.\n\nDuring the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed.\n\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32649
CVE-2023-23957An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4https://nvd.nist.gov/vuln/detail/CVE-2023-23957
CVE-2023-41834Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. \n\nUsers should upgrade to Apache Flink Stateful Functions version 3.3.0.https://nvd.nist.gov/vuln/detail/CVE-2023-41834
CVE-2023-4092SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system.https://nvd.nist.gov/vuln/detail/CVE-2023-4092
CVE-2023-31808Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled.https://nvd.nist.gov/vuln/detail/CVE-2023-31808
CVE-2023-41179A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r\n\r\nNote that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-41179
CVE-2023-4093Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user.https://nvd.nist.gov/vuln/detail/CVE-2023-4093
CVE-2023-4094ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form.https://nvd.nist.gov/vuln/detail/CVE-2023-4094
CVE-2023-4095User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform.https://nvd.nist.gov/vuln/detail/CVE-2023-4095
CVE-2023-4096Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user.https://nvd.nist.gov/vuln/detail/CVE-2023-4096
CVE-2023-3892Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup.\n\n\n\n\nIn order to take advantage of this vulnerability, an attacker must \ncraft a malicious XML document, embed this document into specific 3rd \nparty private RTst metadata tags, transfer the now compromised \nDICOM object to MIM, and force MIM to archive and load the data.\n\nUsers on either version are strongly encouraged to update to an unaffected version (7.2.11+, 7.3.4+).\n\nThis issue was found and analyzed by MIM Software's internal security team.  We are unaware of any proof of concept or actual exploit available in the wild.\n\n\nFor more information, visit https://www.mimsoftware.com/cve-2023-3892 https://www.mimsoftware.com/cve-2023-3892 \n\n\n\n\nThis issue affects MIM Assistant: 7.2.10, 7.3.3; MIM Client: 7.2.10, 7.3.3.\n\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-3892
CVE-2023-41890Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. \nPrior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible.https://nvd.nist.gov/vuln/detail/CVE-2023-41890
CVE-2023-42444phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-42444
CVE-2023-42447blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available.https://nvd.nist.gov/vuln/detail/CVE-2023-42447
CVE-2023-32182A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1.\n\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-32182
CVE-2023-38351MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-38351
CVE-2023-38352MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-38352
CVE-2023-38353MiniTool Power Data Recovery 11.5 contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-38353
CVE-2023-38354MiniTool Movie Maker 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-38354
CVE-2023-38355MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-38355
CVE-2023-38356MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.https://nvd.nist.gov/vuln/detail/CVE-2023-38356
CVE-2023-42450Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue.https://nvd.nist.gov/vuln/detail/CVE-2023-42450
CVE-2023-42451Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-42451
CVE-2023-42452Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-42452
CVE-2023-22513This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty programhttps://nvd.nist.gov/vuln/detail/CVE-2023-22513
CVE-2023-42793In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possiblehttps://nvd.nist.gov/vuln/detail/CVE-2023-42793
CVE-2023-43566In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configurationhttps://nvd.nist.gov/vuln/detail/CVE-2023-43566
CVE-2023-2995The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-2995
CVE-2023-4376The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)https://nvd.nist.gov/vuln/detail/CVE-2023-4376
CVE-2023-40931A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.phphttps://nvd.nist.gov/vuln/detail/CVE-2023-40931
CVE-2023-40932A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials.https://nvd.nist.gov/vuln/detail/CVE-2023-40932
CVE-2023-40933A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function.https://nvd.nist.gov/vuln/detail/CVE-2023-40933
CVE-2023-40934A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings.https://nvd.nist.gov/vuln/detail/CVE-2023-40934