Published on 27 Sep 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabled based on severity, in accordance to their CVSSv3 base scores:
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-43632 | As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options” The communication with this server is done using protobuf, and the data is comprised of 2 parts: 1. Header 2. Data When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function “handleRequest” this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. * An attacker can crash the system. * An attacker can gain control over the system, specifically on the “vtpm_server” process which has very high privileges. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43632 |
CVE-2020-35466 | The Blackfire Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Blackfire container may allow a remote attacker to achieve root access with a blank password. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35466 |
CVE-2020-35427 | SQL injection vulnerability in PHPGurukul Employee Record Management System 1.1 allows remote attackers to execute arbitrary SQL commands and bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35427 |
CVE-2021-36767 | In Digi RealPort through 4.10.490, authentication relies on a challenge-response mechanism that gives access to the server password, making the protection ineffective. An attacker may send an unauthenticated request to the server. The server will reply with a weakly-hashed version of the server's access password. The attacker may then crack this hash offline in order to successfully login to the server. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36767 |
CVE-2021-43451 | SQL Injection vulnerability exists in PHPGURUKUL Employee Record Management System 1.2 via the Email POST parameter in /forgetpassword.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-43451 |
CVE-2021-44966 | SQL injection bypass authentication vulnerability in PHPGURUKUL Employee Record Management System 1.2 via index.php. An attacker can log in as an admin account of this system and can destroy, change or manipulate all sensitive information on the system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-44966 |
CVE-2022-39135 | Apache Calcite 1.22.0 introduced the SQL operators EXISTS_NODE, EXTRACT_XML, XML_TRANSFORM and EXTRACT_VALUE do not restrict XML External Entity references in their configuration, making them vulnerable to a potential XML External Entity (XXE) attack. Therefore any client exposing these operators, typically by using Oracle dialect (the first three) or MySQL dialect (the last one), is affected by this vulnerability (the extent of it will depend on the user under which the application is running). From Apache Calcite 1.32.0 onwards, Document Type Declarations and XML External Entity resolution are disabled on the impacted operators. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-39135 |
CVE-2021-37782 | Employee Record Management System v 1.2 is vulnerable to SQL Injection via editempprofile.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-37782 |
CVE-2022-0194 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0194 |
CVE-2022-23121 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23121 |
CVE-2022-23122 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23122 |
CVE-2022-23123 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23123 |
CVE-2022-23124 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23124 |
CVE-2022-23125 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23125 |
CVE-2022-43634 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43634 |
CVE-2023-30013 | TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30013 |
CVE-2023-2652 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_item. The manipulation leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228780. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2652 |
CVE-2023-2653 | A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file items/index.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228781 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2653 |
CVE-2023-2656 | A vulnerability classified as critical has been found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-228798 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2656 |
CVE-2023-2668 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this issue is the function manager_category of the file admin/?page=categories/manage_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-228884. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2668 |
CVE-2023-2669 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as critical. This affects an unknown part of the file admin/?page=categories/view_category of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-228885 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2669 |
CVE-2023-2670 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. VDB-228886 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2670 |
CVE-2023-2672 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file items/view.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-228888. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2672 |
CVE-2023-2698 | A vulnerability classified as critical was found in SourceCodester Lost and Found Information System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/?page=items/manage_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228979. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2698 |
CVE-2023-2699 | A vulnerability, which was classified as critical, has been found in SourceCodester Lost and Found Information System 1.0. Affected by this issue is some unknown functionality of the file admin/?page=items/view_item of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228980. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2699 |
CVE-2023-3028 | Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3028 |
CVE-2023-33592 | Lost and Found Information System v1.0 was discovered to contain a SQL injection vulnerability via the component /php-lfis/admin/?page=system_info/contact_information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33592 |
CVE-2023-3619 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The identifier VDB-233573 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3619 |
CVE-2023-3657 | A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. This issue affects some unknown processing of the file Master.php?f=save_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-234011. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3657 |
CVE-2023-3658 | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file Master.php?f=delete_book of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-234012. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3658 |
CVE-2023-3661 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. This affects an unknown part of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-234015. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3661 |
CVE-2023-3678 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-234223. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3678 |
CVE-2023-3679 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_inquiry of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-234224. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3679 |
CVE-2023-3680 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_item of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The identifier VDB-234225 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3680 |
CVE-2023-38408 | The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38408 |
CVE-2023-3850 | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_category of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The identifier VDB-235201 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3850 |
CVE-2023-39018 | FFmpeg 0.7.0 and below was discovered to contain a code injection vulnerability in the component net.bramp.ffmpeg.FFmpeg.<constructor>. This vulnerability is exploited via passing an unchecked argument. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39018 |
CVE-2020-35357 | A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-35357 |
CVE-2021-29390 | libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-29390 |
CVE-2021-32292 | An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32292 |
CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48565 |
CVE-2023-39352 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39352 |
CVE-2023-40186 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40186 |
CVE-2023-40567 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40567 |
CVE-2023-40569 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40569 |
CVE-2023-41910 | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41910 |
CVE-2023-37756 | I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for Administrator account creation. Attackers are able to easily guess users' passwords via a bruteforce attack. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37756 |
CVE-2023-39638 | D-LINK DIR-859 A1 1.05 and A1 1.06B01 Beta01 was discovered to contain a command injection vulnerability via the lxmldbc_system function at /htdocs/cgibin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39638 |
CVE-2023-39641 | Active Design psaffiliate before v1.9.8 was discovered to contain a SQL injection vulnerability via the component PsaffiliateGetaffiliatesdetailsModuleFrontController::initContent(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39641 |
CVE-2023-39643 | Bl Modules xmlfeeds before v3.9.8 was discovered to contain a SQL injection vulnerability via the component SearchApiXml::Xmlfeeds(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39643 |
CVE-2023-4974 | A vulnerability was found in Academy LMS 6.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument price_min/price_max leads to sql injection. The attack may be launched remotely. VDB-239750 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4974 |
CVE-2023-4673 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sanalogy Turasistan allows SQL Injection.This issue affects Turasistan: before 20230911 . | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4673 |
CVE-2023-4830 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tura Signalix allows SQL Injection.This issue affects Signalix: 7T_0228. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4830 |
CVE-2023-4231 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Cevik Informatics Online Payment System allows SQL Injection.This issue affects Online Payment System: before 4.09. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4231 |
CVE-2023-4670 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Innosa Probbys allows SQL Injection.This issue affects Probbys: before 2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4670 |
CVE-2023-4831 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ncode Ncep allows SQL Injection.This issue affects Ncep: before 20230914 . | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4831 |
CVE-2023-4661 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saphira Saphira Connect allows SQL Injection.This issue affects Saphira Connect: before 9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4661 |
CVE-2023-4662 | Execution with Unnecessary Privileges vulnerability in Saphira Saphira Connect allows Remote Code Inclusion.This issue affects Saphira Connect: before 9. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4662 |
CVE-2023-4833 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Besttem Network Marketing Software allows SQL Injection.This issue affects Network Marketing Software: before 1.0.2309.6. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4833 |
CVE-2023-4835 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in CF Software Oil Management Software allows SQL Injection.This issue affects Oil Management Software: before 20230912 . | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4835 |
CVE-2023-4988 | A vulnerability, which was classified as problematic, was found in Bettershop LaikeTui. This affects an unknown part of the file index.php?module=system&action=uploadImg. The manipulation of the argument imgFile leads to unrestricted upload. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-239799. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4988 |
CVE-2023-28614 | Freewill iFIS (aka SMART Trade) 20.01.01.04 allows OS Command Injection via shell metacharacters to a report page. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28614 |
CVE-2023-42398 | An issue in zzCMS v.2023 allows a remote attacker to execute arbitrary code and obtain sensitive information via the ueditor component in controller.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42398 |
CVE-2023-38507 | Strapi is the an open-source headless content management system. Prior to version 4.12.1, there is a rate limit on the login function of Strapi's admin screen, but it is possible to circumvent it. Therefore, the possibility of unauthorized login by login brute force attack increases. Version 4.12.1 has a fix for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38507 |
CVE-2023-0923 | A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods from other namespaces and applications from making requests to the Jupyter API. This flaw can lead to file content exposure and other issues. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0923 |
CVE-2023-41887 | OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, a remote code execution vulnerability allows any unauthenticated user to execute code on the server. Version 3.7.5 has a patch for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41887 |
CVE-2023-42336 | An issue in NETIS SYSTEMS WF2409Ev4 v.1.0.1.705 allows a remote attacker to execute arbitrary code and obtain sensitive information via the password parameter in the /etc/shadow.sample component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42336 |
CVE-2023-5014 | A vulnerability was found in Sakshi2610 Food Ordering Website 1.0 and classified as critical. This issue affects some unknown processing of the file categoryfood.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239855. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5014 |
CVE-2023-5016 | A vulnerability was found in spider-flow up to 0.5.0. It has been declared as critical. Affected by this vulnerability is the function DriverManager.getConnection of the file src/main/java/org/spiderflow/controller/DataSourceController.java of the component API. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239857 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5016 |
CVE-2023-5017 | A vulnerability was found in lmxcms up to 1.41. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin.php. The manipulation of the argument lid leads to sql injection. VDB-239858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5017 |
CVE-2023-5018 | A vulnerability classified as critical has been found in SourceCodester Lost and Found Information System 1.0. This affects an unknown part of the file /classes/Master.php?f=save_category of the component POST Parameter Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-239859. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5018 |
CVE-2023-5019 | A vulnerability classified as critical was found in Tongda OA. This vulnerability affects unknown code of the file general/hr/manage/staff_reinstatement/delete.php. The manipulation of the argument REINSTATEMENT_ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-239860. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5019 |
CVE-2023-5020 | A vulnerability, which was classified as critical, has been found in 07FLY CRM V2. This issue affects some unknown processing of the file /index.php/sysmanage/Login/login_auth/ of the component Administrator Login Page. The manipulation of the argument account leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239861 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5020 |
CVE-2023-43115 | In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote code execution via crafted PostScript documents because they can switch to the IJS device, or change the IjsServer parameter, after SAFER has been activated. NOTE: it is a documented risk that the IJS server can be specified on a gs command line (the IJS device inherently must execute a command to start the IJS server). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43115 |
CVE-2023-42320 | Buffer Overflow vulnerability in Tenda AC10V4 v.US_AC10V4.0si_V16.03.10.13_cn_TDC01 allows a remote attacker to cause a denial of service via the mac parameter in the GetParentControlInfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42320 |
CVE-2023-41030 | Hard-coded credentials in Juplink RX4-1500 versions V1.0.2 through V1.0.5 allow unauthenticated attackers to log in to the web interface or telnet service as the 'user' user. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41030 |
CVE-2021-26837 | SQL Injection vulnerability in SearchTextBox parameter in Fortra (Formerly HelpSystems) DeliverNow before version 1.2.18, allows attackers to execute arbitrary code, escalate privileges, and gain sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-26837 |
CVE-2023-5009 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5009 |
CVE-2023-0773 | The vulnerability exists in Uniview IP Camera due to identification and authentication failure at its web-based management interface. A remote attacker could exploit this vulnerability by sending specially crafted HTTP requests to the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to gain complete control of the targeted device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0773 |
CVE-2023-4092 | SQL injection vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to read sensitive data from the database, modify data (insert/update/delete), perform database administration operations and, in some cases, execute commands on the operating system. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4092 |
CVE-2023-42793 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42793 |
CVE-2023-25528 | NVIDIA DGX H100 baseboard management controller (BMC) contains a vulnerability in a web server plugin, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25528 |
CVE-2023-25530 | NVIDIA DGX H100 BMC contains a vulnerability in the KVM service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25530 |
CVE-2023-25531 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and escalation of privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25531 |
CVE-2023-25533 | NVIDIA DGX H100 BMC contains a vulnerability in the web UI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to information disclosure, code execution, and escalation of privileges. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25533 |
CVE-2023-25534 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25534 |
CVE-2023-31009 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31009 |
CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4853 |
CVE-2019-19450 | paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19450 |
CVE-2023-43196 | D-Link DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the zn_jb parameter in the arp_sys.asp function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43196 |
CVE-2023-43197 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the fn parameter in the tgfile.asp function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43197 |
CVE-2023-43198 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the popupId parameter in the H5/hi_block.asp function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43198 |
CVE-2023-43199 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the prev parameter in the H5/login.cgi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43199 |
CVE-2023-43200 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the id parameter in the yyxz.data function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43200 |
CVE-2023-43201 | D-Link device DI-7200GV2.E1 v21.04.09E1 was discovered to contain a stack overflow via the hi_up parameter in the qos_ext.asp function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43201 |
CVE-2023-43202 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function pcap_download_handler. This vulnerability allows attackers to execute arbitrary commands via the update.device.packet-capture.tftp-file-name parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43202 |
CVE-2023-43203 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a stack overflow vulnerability in the function update_users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43203 |
CVE-2023-43204 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function sub_2EF50. This vulnerability allows attackers to execute arbitrary commands via the manual-time-string parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43204 |
CVE-2023-43206 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function web_cert_download_handler. This vulnerability allows attackers to execute arbitrary commands via the certDownload parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43206 |
CVE-2023-43207 | D-LINK DWL-6610 FW_v_4.3.0.8B003C was discovered to contain a command injection vulnerability in the function config_upload_handler. This vulnerability allows attackers to execute arbitrary commands via the configRestore parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43207 |
CVE-2023-43478 | fake_upload.cgi on the Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, allows unauthenticated attackers to upload firmware images and configuration backups, which could allow them to alter the firmware or the configuration on the device, ultimately leading to code execution as root. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43478 |
CVE-2023-42464 | A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42464 |
CVE-2023-2262 | A buffer overflow vulnerability exists in the Rockwell Automation select 1756-EN* communication devices. If exploited, a threat actor could potentially leverage this vulnerability to perform a remote code execution. To exploit this vulnerability, a threat actor would have to send a maliciously crafted CIP request to device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2262 |
CVE-2023-5074 | Use of a static key to protect a JWT token used in user authentication can allow an for an authentication bypass in D-Link D-View 8 v2.0.1.28 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5074 |
CVE-2023-40619 | phpPgAdmin 7.14.4 and earlier is vulnerable to deserialization of untrusted data which may lead to remote code execution because user-controlled data is directly passed to the PHP 'unserialize()' function in multiple places. An example is the functionality to manage tables in 'tables.php' where the 'ma[]' POST parameter is deserialized. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40619 |
CVE-2023-43371 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the numcaselle parameter at /hoteldruid/creaprezzi.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43371 |
CVE-2023-43373 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the n_utente_agg parameter at /hoteldruid/interconnessioni.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43373 |
CVE-2023-43374 | Hoteldruid v3.0.5 was discovered to contain a SQL injection vulnerability via the id_utente_log parameter at /hoteldruid/personalizza.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43374 |
CVE-2023-43375 | Hoteldruid v3.0.5 was discovered to contain multiple SQL injection vulnerabilities at /hoteldruid/clienti.php via the annonascita, annoscaddoc, giornonascita, giornoscaddoc, lingua_cli, mesenascita, and mesescaddoc parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43375 |
CVE-2023-43134 | There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43134 |
CVE-2023-42322 | Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42322 |
CVE-2023-34575 | SQL injection vulnerability in PrestaShop opartsavecart through 2.0.7 allows remote attackers to run arbitrary SQL commands via OpartSaveCartDefaultModuleFrontController::initContent() and OpartSaveCartDefaultModuleFrontController::displayAjaxSendCartByEmail() methods. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34575 |
CVE-2023-36109 | Buffer Overflow vulnerability in JerryScript version 3.0, allows remote attackers to execute arbitrary code via ecma_stringbuilder_append_raw component at /jerry-core/ecma/base/ecma-helpers-string.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36109 |
CVE-2023-39675 | SimpleImportProduct Prestashop Module v6.2.9 was discovered to contain a SQL injection vulnerability via the key parameter at send.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39675 |
CVE-2023-43135 | There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel.80868n, which allows attackers to obtain sensitive information of the device without authentication, obtain user tokens, and ultimately log in to the device backend management. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43135 |
CVE-2015-5467 | web\\ViewAction in Yii (aka Yii2) 2.x before 2.0.5 allows attackers to execute any local .php file via a relative path in the view parameeter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-5467 |
CVE-2023-4291 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a remote code execution (RCE) vulnerability via manipulated parameters of the web interface without authentication. This could lead to a full compromise of the FDS101 device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4291 |
CVE-2023-4760 | In Eclipse RAP versions from 3.0.0 up to and including 3.25.0, Remote Code Execution is possible on Windows when using the FileUpload component. The reason for this is a not completely secure extraction of the file name in the FileUploadProcessor.stripFileName(String name) method. As soon as this finds a / in the path, everything before it is removed, but potentially \\ (backslashes) coming further back are kept. For example, a file name such as /..\\..\\webapps\\shell.war can be used to upload a file to a Tomcat server under Windows, which is then saved as ..\\..\\webapps\\shell.war in its webapps directory and can then be executed. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4760 |
CVE-2023-43235 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter StartTime and EndTime in SetWifiDownSettings. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43235 |
CVE-2023-43236 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter statuscheckpppoeuser in dir_setWanWifi. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43236 |
CVE-2023-43237 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter macCloneMac in setMAC. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43237 |
CVE-2023-43238 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter nvmacaddr in form2Dhcpip.cgi. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43238 |
CVE-2023-43239 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter flag_5G in showMACfilterMAC. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43239 |
CVE-2023-43240 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter sip_address in ipportFilter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43240 |
CVE-2023-43241 | D-Link DIR-823G v1.0.2B05 was discovered to contain a stack overflow via parameter TXPower and GuardInt in SetWLanRadioSecurity. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43241 |
CVE-2023-43242 | D-Link DIR-816 A2 v1.10CNB05 was discovered to contain a stack overflow via parameter removeRuleList in form2IPQoSTcDel. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43242 |
CVE-2023-34577 | SQL injection vulnerability in Prestashop opartplannedpopup 1.4.11 and earlier allows remote attackers to run arbitrary SQL commands via OpartPlannedPopupModuleFrontController::prepareHook() method. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34577 |
CVE-2023-42807 | Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42807 |
CVE-2023-42279 | Dreamer CMS 4.1.3 is vulnerable to SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42279 |
CVE-2023-42810 | systeminformation is a System Information Library for Node.JS. Versions 5.0.0 through 5.21.6 have a SSID Command Injection Vulnerability. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()` (string only). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42810 |
CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, iOS 17.0.1 and iPadOS 17.0.1, Safari 16.6.1. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41993 |
CVE-2023-34576 | SQL injection vulnerability in updatepos.php in PrestaShop opartfaq through 1.0.3 allows remote attackers to run arbitrary SQL commands via unspedified vector. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34576 |
CVE-2023-43128 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of HTTP_ST parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43128 |
CVE-2023-31719 | FUXA <= 1.1.12 is vulnerable to SQL Injection via /api/signin. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31719 |
CVE-2023-23363 | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating system. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: QTS 4.3.6.2441 build 20230621 and later QTS 4.3.3.2420 build 20230621 and later QTS 4.2.6 build 20230621 and later QTS 4.3.4.2451 build 20230621 and later | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23363 |
CVE-2023-23364 | A buffer copy without checking size of input vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote users to execute code via unspecified vectors. We have already fixed the vulnerability in the following versions: Multimedia Console 2.1.1 ( 2023/03/29 ) and later Multimedia Console 1.4.7 ( 2023/03/20 ) and later | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23364 |
CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 1 of 2. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43762 |
CVE-2023-43764 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend), issue 2 of 2. This affects WithSecure Policy Manager 15 on Windows and Linux. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43764 |
CVE-2022-4039 | A flaw was found in Red Hat Single Sign-On for OpenShift container images, which are configured with an unsecured management interface enabled. This flaw allows an attacker to use this interface to deploy malicious code and access and modify potentially sensitive information in the app server configuration. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4039 |
CVE-2023-43144 | Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43144 |
CVE-2023-43270 | dst-admin v1.5.0 was discovered to contain a remote command execution (RCE) vulnerability via the userId parameter at /home/playerOperate. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43270 |
CVE-2023-40989 | SQL injection vulnerbility in jeecgboot jeecg-boot v 3.0, 3.5.3 that allows a remote attacker to execute arbitrary code via a crafted request to the report/jeecgboot/jmreport/queryFieldBySql component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40989 |
CVE-2023-43129 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection due to lax filtering of REMOTE_PORT parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43129 |
CVE-2023-43130 | D-LINK DIR-806 1200M11AC wireless router DIR806A1_FW100CNb11 is vulnerable to command injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43130 |
CVE-2023-43338 | Cesanta mjs v2.20.0 was discovered to contain a function pointer hijacking vulnerability via the function mjs_get_ptr(). This vulnerability allows attackers to execute arbitrary code via a crafted input. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43338 |
CVE-2023-43468 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the login.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43468 |
CVE-2023-43469 | SQL injection vulnerability in janobe Online Job Portal v.2020 allows a remote attacker to execute arbitrary code via the ForPass.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43469 |
CVE-2023-43470 | SQL injection vulnerability in janobe Online Voting System v.1.0 allows a remote attacker to execute arbitrary code via the checklogin.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43470 |
CVE-2023-41294 | The DP module has a service hijacking vulnerability.Successful exploitation of this vulnerability may affect some Super Device services. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41294 |
CVE-2023-41297 | Vulnerability of defects introduced in the design process in the HiviewTunner module. Successful exploitation of this vulnerability may cause service hijacking. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41297 |
CVE-2023-41419 | An issue in Gevent Gevent before version 23.9.1 allows a remote attacker to escalate privileges via a crafted script to the WSGIServer component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41419 |
CVE-2022-48605 | Input verification vulnerability in the fingerprint module. Successful exploitation of this vulnerability will affect confidentiality, integrity, and availability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48605 |
CVE-2023-43131 | General Device Manager 2.5.2.2 is vulnerable to Buffer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43131 |
CVE-2023-0625 | Docker Desktop before 4.12.0 is vulnerable to RCE via a crafted extension description or changelog. This issue affects Docker Desktop: before 4.12.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0625 |
CVE-2023-0626 | Docker Desktop before 4.12.0 is vulnerable to RCE via query parameters in message-box route. This issue affects Docker Desktop: before 4.12.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0626 |
CVE-2023-32284 | An out-of-bounds write vulnerability exists in the tiff_planar_adobe functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32284 |
CVE-2023-32614 | A heap-based buffer overflow vulnerability exists in the create_png_object functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32614 |
CVE-2023-35002 | A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35002 |
CVE-2023-39453 | A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39453 |
CVE-2023-40163 | An out-of-bounds write vulnerability exists in the allocate_buffer_for_jpeg_decoding functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40163 |
CVE-2023-43141 | TOTOLINK A3700R V9.1.2u.6134_B20201202 and N600R V5.3c.5137 are vulnerable to Incorrect Access Control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43141 |
CVE-2023-4490 | The WP Job Portal WordPress plugin through 2.0.3 does not sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4490 |
CVE-2023-4521 | The Import XML and RSS Feeds WordPress plugin before 2.1.5 contains a web shell, allowing unauthenticated attackers to perform RCE. The plugin/vendor was not compromised and the files are the result of running a PoC for a previously reported issue (https://wpscan.com/vulnerability/d4220025-2272-4d5f-9703-4b2ac4a51c42) and not deleting the created files when releasing the new version. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4521 |
CVE-2023-39640 | UpLight cookiebanner before 1.5.1 was discovered to contain a SQL injection vulnerability via the component Hook::getHookModuleExecList(). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39640 |
CVE-2023-43644 | Sing-box is an open source proxy system. Affected versions are subject to an authentication bypass when specially crafted requests are sent to sing-box. This affects all SOCKS5 inbounds with user authentication and an attacker may be able to bypass authentication. Users are advised to update to sing-box 1.4.4 or to 1.5.0-rc.4. Users unable to update should not expose the SOCKS5 inbound to insecure environments. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43644 |
CVE-2023-43457 | An issue in Service Provider Management System v.1.0 allows a remote attacker to gain privileges via the ID parameter in the /php-spms/admin/?page=user/ endpoint. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43457 |
CVE-2023-36735 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-36735 |
CVE-2023-38888 | Cross Site Scripting vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the REST API module, related to analyseVarsForSqlAndScriptsInjection and testSqlAndScriptInject. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38888 |
CVE-2023-40260 | EmpowerID before 7.205.0.1 allows an attacker to bypass an MFA (multi factor authentication) requirement if the first factor (username and password) is known, because the first factor is sufficient to change an account's email address, and the product would then send MFA codes to the new email address (which may be attacker-controlled). NOTE: this is different from CVE-2023-4177, which claims to be about "some unknown processing of the component Multi-Factor Authentication Code Handler" and thus cannot be correlated with other vulnerability information. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40260 |
CVE-2023-39353 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39353 |
CVE-2023-39356 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->`numRectangles without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39356 |
CVE-2023-40181 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40181 |
CVE-2023-40188 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40188 |
CVE-2023-42454 | SQLpage is a SQL-only webapp builder. Someone using SQLpage versions prior to 0.11.1, whose SQLpage instance is exposed publicly, with a database connection string specified in the `sqlpage/sqlpage.json` configuration file (not in an environment variable), with the web_root is the current working directory (the default), and with their database exposed publicly, is vulnerable to an attacker retrieving database connection information from SQLPage and using it to connect to their database directly. Version 0.11.0 fixes this issue. Some workarounds are available. Using an environment variable instead of the configuration file to specify the database connection string prevents exposing it on vulnerable versions. Using a different web root (that is not a parent of the SQLPage configuration directory) fixes the issue. One should also avoid exposing one's database publicly. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42454 |
CVE-2023-26143 | Versions of the package blamer before 1.0.4 are vulnerable to Arbitrary Argument Injection via the blameByFile() API. The library does not sanitize for user input or validate the given file path conforms to a specific schema, nor does it properly pass command-line flags to the git binary using the double-dash POSIX characters (--) to communicate the end of options. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26143 |
CVE-2023-41387 | A SQL injection in the flutter_downloader component through 1.11.1 for iOS allows remote attackers to steal session tokens and overwrite arbitrary files inside the app's container. The internal database of the framework is exposed to the local user if an app uses UIFileSharingEnabled and LSSupportsOpeningDocumentsInPlace properties. As a result, local users can obtain the same attack primitives as remote attackers by tampering with the internal database of the framework on the device. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41387 |
CVE-2023-0118 | An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0118 |
CVE-2023-0462 | An arbitrary code execution flaw was found in Foreman. This issue may allow an admin user to execute arbitrary code on the underlying operating system by setting global parameters with a YAML payload. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0462 |
CVE-2022-3874 | A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating system. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3874 |
CVE-2023-42798 | AutomataCI is a template git repository equipped with a native built-in semi-autonomous CI tools. An issue in versions 1.4.1 and below can let a release job reset the git root repository to the first commit. Version 1.5.0 has a patch for this issue. As a workaround, make sure the `PROJECT_PATH_RELEASE` (e.g. `releases/`) directory is manually and actually `git cloned` properly, making it a different git repostiory from the root git repository. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42798 |
CVE-2023-1260 | An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch one that they already have access to. This might allow evasion of SCC admission restrictions, thereby gaining control of a privileged pod. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1260 |
CVE-2023-39407 | The Watchkit has a risk of unauthorized file access.Successful exploitation of this vulnerability may affect confidentiality and integrity. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39407 |
CVE-2023-41296 | Vulnerability of missing authorization in the kernel module. Successful exploitation of this vulnerability may affect integrity and confidentiality. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41296 |
CVE-2023-39612 | A cross-site scripting (XSS) vulnerability in FileBrowser before v2.23.0 allows an authenticated attacker to escalate privileges to Administrator via user interaction with a crafted HTML file or URL. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-39612 |
CVE-2023-0829 | Plesk 17.0 through 18.0.31 version, is vulnerable to a Cross-Site Scripting. A malicious subscription owner (either a customer or an additional user), can fully compromise the server if an administrator visits a certain page in Plesk related to the malicious subscription. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-0829 |
CVE-2023-3550 | Mediawiki v1.40.0 does not validate namespaces used in XML files. Therefore, if the instance administrator allows XML file uploads, a remote attacker with a low-privileged user account can use this exploit to become an administrator by sending a malicious link to the instance administrator. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3550 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2021-31439 | This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology DiskStation Manager. Authentication is not required to exploit this vulnerablity. The specific flaw exists within the processing of DSI structures in Netatalk. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12326. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31439 |
CVE-2022-46146 | Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46146 |
CVE-2023-3018 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3018 |
CVE-2023-3176 | A vulnerability, which was classified as critical, was found in SourceCodester Lost and Found Information System 1.0. Affected is an unknown function of the file admin\\user\\manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-231150 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3176 |
CVE-2023-3177 | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file admin\\inquiries\\view_inquiry.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-231151. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3177 |
CVE-2023-3421 | Use after free in Media in Google Chrome prior to 114.0.5735.198 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3421 |
CVE-2023-4429 | Use after free in Loader in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4429 |
CVE-2023-4430 | Use after free in Vulkan in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4430 |
CVE-2023-4572 | Use after free in MediaStream in Google Chrome prior to 116.0.5845.140 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4572 |
CVE-2023-4762 | Type Confusion in V8 in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4762 |
CVE-2023-4763 | Use after free in Networks in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4763 |
CVE-2023-4863 | Heap buffer overflow in WebP in Google Chrome prior to 116.0.5845.187 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |
CVE-2023-4916 | The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwp_update_password_action' function. This makes it possible for unauthenticated attackers to change user password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4916 |
CVE-2023-2848 | Movim prior to version 0.22 is affected by a Cross-Site WebSocket Hijacking vulnerability. This was the result of a missing header validation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2848 |
CVE-2023-38891 | SQL injection vulnerability in Vtiger CRM v.7.5.0 allows a remote authenticated attacker to escalate privileges via the getQueryColumnsList function in ReportRun.php. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38891 |
CVE-2023-4664 | Incorrect Default Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4664 |
CVE-2023-4665 | Incorrect Execution-Assigned Permissions vulnerability in Saphira Saphira Connect allows Privilege Escalation.This issue affects Saphira Connect: before 9. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4665 |
CVE-2023-42270 | Grocy <= 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42270 |
CVE-2023-5022 | A vulnerability has been found in DedeCMS up to 5.7.100 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /include/dialog/select_templets_post.php. The manipulation of the argument activepath leads to absolute path traversal. The associated identifier of this vulnerability is VDB-239863. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5022 |
CVE-2023-5023 | A vulnerability was found in Tongda OA 2017 and classified as critical. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_relatives/delete.php. The manipulation of the argument RELATIVES_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239864. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5023 |
CVE-2023-5029 | A vulnerability, which was classified as critical, was found in mccms 2.6. This affects an unknown part of the file /category/order/hits/copyright/46/finish/1/list/1. The manipulation with the input '"1 leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239871. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5029 |
CVE-2023-5030 | A vulnerability has been found in Tongda OA up to 11.10 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/plan/delete.php. The manipulation of the argument PLAN_ID leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239872. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5030 |
CVE-2023-42328 | An issue in PeppermintLabs Peppermint v.0.2.4 and before allows a remote attacker to obtain sensitive information and execute arbitrary code via the hardcoded session cookie. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42328 |
CVE-2023-22513 | This High severity RCE (Remote Code Execution) vulnerability was introduced in version 8.0.0 of Bitbucket Data Center and Server. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Bitbucket Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Bitbucket Data Center and Server 8.9: Upgrade to a release greater than or equal to 8.9.5 Bitbucket Data Center and Server 8.10: Upgrade to a release greater than or equal to 8.10.5 Bitbucket Data Center and Server 8.11: Upgrade to a release greater than or equal to 8.11.4 Bitbucket Data Center and Server 8.12: Upgrade to a release greater than or equal to 8.12.2 Bitbucket Data Center and Server 8.13: Upgrade to a release greater than or equal to 8.13.1 Bitbucket Data Center and Server 8.14: Upgrade to a release greater than or equal to 8.14.0 Bitbucket Data Center and Server version >= 8.0 and < 8.9: Upgrade to any of the listed fix versions. See the release notes (https://confluence.atlassian.com/bitbucketserver/release-notes). You can download the latest version of Bitbucket Data Center and Server from the download center (https://www.atlassian.com/software/bitbucket/download-archives). This vulnerability was discovered by a private user and reported via our Bug Bounty program | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22513 |
CVE-2023-40933 | A SQL injection vulnerability in Nagios XI v5.11.1 and below allows authenticated attackers with announcement banner configuration privileges to execute arbitrary SQL commands via the ID parameter sent to the update_banner_message() function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40933 |
CVE-2023-36319 | File Upload vulnerability in Openupload Stable v.0.4.3 allows a remote attacker to execute arbitrary code via the action parameter of the compress-inc.php file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36319 |
CVE-2023-38887 | File Upload vulnerability in Dolibarr ERP CRM v.17.0.1 and before allows a remote attacker to execute arbitrary code and obtain sensitive information via the extension filtering and renaming functions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38887 |
CVE-2023-31010 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, and denial of service. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31010 |
CVE-2023-31011 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31011 |
CVE-2023-31012 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31012 |
CVE-2023-31013 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to escalation of privileges and information disclosure. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31013 |
CVE-2023-2163 | Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2163 |
CVE-2023-43477 | The ping_from parameter of ping_tracerte.cgi in the web UI of Telstra Smart Modem Gen 2 (Arcadyan LH1000), firmware versions < 0.18.15r, was not properly sanitized before being used in a system call, which could allow an authenticated attacker to achieve command injection as root on the device. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43477 |
CVE-2023-43630 | PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but An attacker could modify the config partition without triggering the measured boot, this could | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43630 |
CVE-2023-43635 | Vault Key Sealed With SHA1 PCRs The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43635 |
CVE-2023-43636 | In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing An attacker can gain full control over the device without changing the PCR values, thus not Note: This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43636 |
CVE-2023-42660 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer machine interface that could allow an authenticated attacker to gain unauthorized access to the MOVEit Transfer database. An attacker could submit a crafted payload to the MOVEit Transfer machine interface which could result in modification and disclosure of MOVEit database content. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42660 |
CVE-2023-43496 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier creates a temporary file in the system temporary directory with the default permissions for newly created files when installing a plugin from a URL, potentially allowing attackers with access to the system temporary directory to replace the file before it is installed in Jenkins, potentially resulting in arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43496 |
CVE-2023-43500 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to connect to an attacker-specified hostname and port using attacker-specified username and password. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43500 |
CVE-2023-42331 | A file upload vulnerability in EliteCMS 1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42331 |
CVE-2023-42335 | Unrestricted File Upload vulnerability in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to execute arbitrary code via the add attachment function in the New Expense component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42335 |
CVE-2023-43137 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds ACL rules after authentication, and the rule name parameter has injection points. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43137 |
CVE-2023-43138 | TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability, when an attacker adds NAPT rules after authentication, and the rule name has an injection point. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43138 |
CVE-2023-42321 | Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42321 |
CVE-2023-43631 | On boot, the Pillar eve container checks for the existence and content of Note: | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43631 |
CVE-2023-43633 | On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “authorized_keys” via the “debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb” key, allowing VNC access via the “app.allow.vnc” key, and more. An attacker could easily enable these debug functionalities without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43633 |
CVE-2023-43634 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault” | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43634 |
CVE-2023-23362 | An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability allows remote authenticated users to execute commands via susceptible QNAP devices. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2376 build 20230421 and later QTS 4.5.4.2374 build 20230416 and later QuTS hero h5.0.1.2376 build 20230421 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23362 |
CVE-2023-5002 | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5002 |
CVE-2023-41027 | Credential disclosure in the '/webs/userpasswd.htm' endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.4 and V1.0.5 allows an authenticated attacker to leak the password for the administrative account via requests to the vulnerable endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41027 |
CVE-2023-41029 | Command injection vulnerability in the homemng.htm endpoint in Juplink RX4-1500 Wifi router firmware versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows authenticated remote attackers to execute commands as root via specially crafted HTTP requests to the vulnerable endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41029 |
CVE-2023-41031 | Command injection in homemng.htm in Juplink RX4-1500 versions V1.0.2, V1.0.3, V1.0.4, and V1.0.5 allows remote authenticated attackers to execute commands via specially crafted requests to the vulnerable endpoint. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41031 |
CVE-2023-38346 | An issue was discovered in Wind River VxWorks 6.9 and 7. The function ``tarExtract`` implements TAR file extraction and thereby also processes files within an archive that have relative or absolute file paths. A developer using the "tarExtract" function may expect that the function will strip leading slashes from absolute paths or stop processing when encountering relative paths that are outside of the extraction path, unless otherwise forced. This could lead to unexpected and undocumented behavior, which in general could result in a directory traversal, and associated unexpected behavior. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38346 |
CVE-2023-23567 | A heap-based buffer overflow vulnerability exists in the CreateDIBfromPict functionality of Accusoft ImageGear 20.1. A specially crafted file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23567 |
CVE-2023-28393 | A stack-based buffer overflow vulnerability exists in the tif_processing_dng_channel_count functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to memory corruption. An attacker can provide a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28393 |
CVE-2023-32653 | An out-of-bounds write vulnerability exists in the dcm_pixel_data_decode functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32653 |
CVE-2023-3547 | The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly check nonce values in several actions, allowing an attacker to perform CSRF attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3547 |
CVE-2023-43382 | Directory Traversal vulnerability in itechyou dreamer CMS v.4.1.3 allows a remote attacker to execute arbitrary code via the themePath in the uploaded template function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43382 |
CVE-2023-5165 | Docker Desktop before 4.23.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions via the debug shell which remains accessible for a short time window after launching Docker Desktop. The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.23.0. Affected Docker Desktop versions: from 4.13.0 before 4.23.0. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5165 |
CVE-2023-43278 | A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43278 |
CVE-2023-4259 | Two potential buffer overflow vulnerabilities at the following locations in the Zephyr eS-WiFi driver source code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4259 |
CVE-2023-4094 | ARCONTE Aurea's authentication system, in its 1.5.0.0 version, could allow an attacker to make incorrect access requests in order to block each legitimate account and cause a denial of service. In addition, a resource has been identified that could allow circumventing the attempt limit set in the login form. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4094 |
CVE-2023-4096 | Weak password recovery mechanism vulnerability in Fujitsu Arconte Áurea version 1.5.0.0, which exploitation could allow an attacker to perform a brute force attack on the emailed PIN number in order to change the password of a legitimate user. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4096 |
CVE-2020-10627 | Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to communicate using a wireless RF with an Insulet manufactured Personal Diabetes Manager device. This wireless RF communication protocol does not properly implement authentication or authorization. An attacker with access to one of the affected insulin pump models may be able to modify and/or intercept data. This vulnerability could also allow attackers to change pump settings and control insulin delivery. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-10627 |
CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48566 |
CVE-2023-4427 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4427 |
CVE-2023-4428 | Out of bounds memory access in CSS in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4428 |
CVE-2023-4431 | Out of bounds memory access in Fonts in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4431 |
CVE-2023-4761 | Out of bounds memory access in FedCM in Google Chrome prior to 116.0.5845.179 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4761 |
CVE-2023-42443 | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). In version 0.3.9 and prior, under certain conditions, the memory used by the builtins `raw_call`, `create_from_blueprint` and `create_copy_of` can be corrupted. For `raw_call`, the argument buffer of the call can be corrupted, leading to incorrect `calldata` in the sub-context. For `create_from_blueprint` and `create_copy_of`, the buffer for the to-be-deployed bytecode can be corrupted, leading to deploying incorrect bytecode. Each builtin has conditions that must be fulfilled for the corruption to happen. For `raw_call`, the `data` argument of the builtin must be `msg.data` and the `value` or `gas` passed to the builtin must be some complex expression that results in writing to the memory. For `create_copy_of`, the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. For `create_from_blueprint`, either no constructor parameters should be passed to the builtin or `raw_args` should be set to True, and the `value` or `salt` passed to the builtin must be some complex expression that results in writing to the memory. As of time of publication, no patched version exists. The issue is still being investigated, and there might be other cases where the corruption might happen. When the builtin is being called from an `internal` function `F`, the issue is not present provided that the function calling `F` wrote to memory before calling `F`. As a workaround, the complex expressions that are being passed as kwargs to the builtin should be cached in memory prior to the call to the builtin. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42443 |
CVE-2023-38351 | MiniTool Partition Wizard 12.8 contains an insecure installation mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38351 |
CVE-2023-38352 | MiniTool Partition Wizard 12.8 contains an insecure update mechanism that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38352 |
CVE-2023-38354 | MiniTool Shadow Maker version 4.1 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38354 |
CVE-2023-38355 | MiniTool Movie Maker 6.1.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38355 |
CVE-2023-38356 | MiniTool Power Data Recovery 11.6 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38356 |
CVE-2023-25529 | NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a leak of another user’s session token by observing timing discrepancies between server responses. A successful exploit of this vulnerability may lead to information disclosure, escalation of privileges, and data tampering. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25529 |
CVE-2023-43497 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using the Stapler web framework creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43497 |
CVE-2023-43498 | In Jenkins 2.423 and earlier, LTS 2.414.1 and earlier, processing file uploads using MultipartFormDataParser creates temporary files in the default system temporary directory with the default permissions for newly created files, potentially allowing attackers with access to the Jenkins controller file system to read and write the files before they are used. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43498 |
CVE-2023-41484 | An issue in cimg.eu Cimg Library v2.9.3 allows an attacker to obtain sensitive information via a crafted JPEG file. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41484 |
CVE-2023-42456 | Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting this functionality is a set of session files (timestamps) for each user, stored in `/var/run/sudo-rs/ts`. These files are named according to the username from which the sudo attempt is made (the origin user). An issue was discovered in versions prior to 0.2.1 where usernames containing the `.` and `/` characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example we could add a user to the system containing the username `../../../../bin/cp`. When logged in as a user with that name, that user could run `sudo -K` to clear their session record file. The session code then constructs the path to the session file by concatenating the username to the session file storage directory, resulting in a resolved path of `/bin/cp`. The code then clears that file, resulting in the `cp` binary effectively being removed from the system. An attacker needs to be able to login as a user with a constructed username. Given that such a username is unlikely to exist on an existing system, they will also need to be able to create the users with the constructed usernames. The issue is patched in version 0.2.1 of sudo-rs. Sudo-rs now uses the uid for the user instead of their username for determining the filename. Note that an upgrade to this version will result in existing session files being ignored and users will be forced to re-authenticate. It also fully eliminates any possibility of path traversal, given that uids are always integer values. The `sudo -K` and `sudo -k` commands can run, even if a user has no sudo access. As a workaround, make sure that one's system does not contain any users with a specially crafted username. While this is the case and while untrusted users do not have the ability to create arbitrary users on the system, one should not be able to exploit this issue. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42456 |
CVE-2016-1238 | (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-1238 |
CVE-2020-12762 | json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12762 |
CVE-2021-36046 | XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36046 |
CVE-2021-36047 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36047 |
CVE-2021-36048 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Improper Input Validation vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36048 |
CVE-2021-36050 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36050 |
CVE-2021-36052 | XMP Toolkit version 2020.1 (and earlier) is affected by a memory corruption vulnerability, potentially resulting in arbitrary code execution in the context of the current user. User interaction is required to exploit this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36052 |
CVE-2021-36055 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36055 |
CVE-2021-36064 | XMP Toolkit version 2020.1 (and earlier) is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36064 |
CVE-2021-39847 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-39847 |
CVE-2021-36051 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a specially-crafted .cpp file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-36051 |
CVE-2021-42529 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42529 |
CVE-2021-42530 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42530 |
CVE-2021-42531 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42531 |
CVE-2021-42532 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42532 |
CVE-2022-45188 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45188 |
CVE-2021-33641 | When processing files, malloc stores the data of the current line. When processing comments, malloc incorrectly accesses the released memory (use after free). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-33641 |
CVE-2022-33894 | Improper input validation in the BIOS firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-33894 |
CVE-2022-29470 | Improper access control in the Intel® DTT Software before version 8.7.10400.15482 may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29470 |
CVE-2022-38076 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38076 |
CVE-2020-21890 | Buffer Overflow vulnerability in clj_media_size function in devices/gdevclj.c in Artifex Ghostscript 9.50 allows remote attackers to cause a denial of service or other unspecified impact(s) via opening of crafted PDF document. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-21890 |
CVE-2020-22219 | Buffer Overflow vulnerability in function bitwriter_grow_ in flac before 1.4.0 allows remote attackers to run arbitrary code via crafted input to the encoder. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-22219 |
CVE-2023-41064 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9, macOS Ventura 13.5.2, iOS 15.7.9 and iPadOS 15.7.9, macOS Big Sur 11.7.10. Processing a maliciously crafted image may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41064 |
CVE-2023-4807 | Issue summary: The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications on the Windows 64 platform when running on newer X86_64 processors supporting the AVX512-IFMA instructions. Impact summary: If in an application that uses the OpenSSL library an attacker can influence whether the POLY1305 MAC algorithm is used, the application state might be corrupted with various application dependent consequences. The POLY1305 MAC (message authentication code) implementation in OpenSSL does not save the contents of non-volatile XMM registers on Windows 64 platform when calculating the MAC of data larger than 64 bytes. Before returning to the caller all the XMM registers are set to zero rather than restoring their previous content. The vulnerable code is used only on newer x86_64 processors supporting the AVX512-IFMA instructions. The consequences of this kind of internal application state corruption can be various - from no consequences, if the calling application does not depend on the contents of non-volatile XMM registers at all, to the worst consequences, where the attacker could get complete control of the application process. However given the contents of the registers are just zeroized so the attacker cannot put arbitrary values inside, the most likely consequence, if any, would be an incorrect result of some application dependent calculations or a crash leading to a denial of service. The POLY1305 MAC algorithm is most frequently used as part of the CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) algorithm. The most common usage of this AEAD cipher is with TLS protocol versions 1.2 and 1.3 and a malicious client can influence whether this AEAD cipher is used by the server. This implies that server applications using OpenSSL can be potentially impacted. However we are currently not aware of any concrete application that would be affected by this issue therefore we consider this a Low severity security issue. As a workaround the AVX512-IFMA instructions support can be disabled at runtime by setting the environment variable OPENSSL_ia32cap: OPENSSL_ia32cap=:~0x200000 The FIPS provider is not affected by this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4807 |
CVE-2023-41990 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 16.3, iOS 16.3 and iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. Processing a font file may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41990 |
CVE-2023-4516 | A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker force an update containing malicious content. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4516 |
CVE-2023-38557 | A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q3). The affected product assigns improper access rights to the update script. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38557 |
CVE-2023-32643 | A flaw was found in GLib. The GVariant deserialization code is vulnerable to a heap buffer overflow introduced by the fix for CVE-2023-32665. This bug does not affect any released version of GLib, but does affect GLib distributors who followed the guidance of GLib developers to backport the initial fix for CVE-2023-32665. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32643 |
CVE-2023-4985 | A vulnerability classified as critical has been found in Supcon InPlant SCADA up to 20230901. Affected is an unknown function of the file Project.xml. The manipulation leads to improper authentication. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239796. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4985 |
CVE-2023-4991 | A vulnerability was found in NextBX QWAlerter 4.50. It has been rated as critical. Affected by this issue is some unknown functionality of the file QWAlerter.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The identifier of this vulnerability is VDB-239804. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4991 |
CVE-2023-5012 | A vulnerability, which was classified as problematic, was found in Topaz OFD 2.11.0.201. This affects an unknown part of the file C:\\Program Files\\Topaz OFD\\Warsaw\\core.exe of the component Protection Module Warsaw. The manipulation leads to unquoted search path. Attacking locally is a requirement. The identifier VDB-239853 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5012 |
CVE-2023-34195 | An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by the same module near the end of the function. By setting this UEFI variable from the OS to point into custom code, an attacker could achieve arbitrary code execution in the DXE phase, before several chipset locks are set. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34195 |
CVE-2023-32184 | A Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32184 |
CVE-2023-32182 | A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 SP5 postfix, SUSE SUSE Linux Enterprise High Performance Computing 15 SP5 postfix, SUSE openSUSE Leap 15.5 postfix.This issue affects SUSE Linux Enterprise Desktop 15 SP5: before 3.7.3-150500.3.5.1; SUSE Linux Enterprise High Performance Computing 15 SP5: before 3.7.3-150500.3.5.1; openSUSE Leap 15.5 : before 3.7.3-150500.3.5.1. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32182 |
CVE-2023-25527 | NVIDIA DGX H100 BMC contains a vulnerability in the host KVM daemon, where an authenticated local attacker may cause corruption of kernel memory. A successful exploit of this vulnerability may lead to arbitrary kernel code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25527 |
CVE-2023-31008 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause improper input validation. A successful exploit of this vulnerability may lead to code execution, denial of services, escalation of privileges, and information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31008 |
CVE-2023-31015 | NVIDIA DGX H100 BMC contains a vulnerability in the REST service where a host user may cause as improper authentication issue. A successful exploit of this vulnerability may lead to escalation of privileges, information disclosure, code execution, and denial of service. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31015 |
CVE-2023-4088 | Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute a malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4088 |
CVE-2023-43619 | An issue was discovered in Croc through 9.6.5. A sender may send dangerous new files to a receiver, such as executable content or a .ssh/authorized_keys file. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43619 |
CVE-2023-43620 | An issue was discovered in Croc through 9.6.5. A sender may place ANSI or CSI escape sequences in a filename to attack the terminal device of a receiver. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43620 |
CVE-2023-41374 | Double free issue exists in Kostac PLC Programming Software Version 1.6.11.0 and earlier. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41374 |
CVE-2023-41375 | Use after free vulnerability exists in Kostac PLC Programming Software Version 1.6.11.0. Arbitrary code may be executed by having a user open a specially crafted project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier because the issue exists in parsing of KPP project files. The vendor states that Kostac PLC Programming Software Version 1.6.10.0 or later implements the function which prevents a project file alteration. Therefore, to mitigate the impact of these vulnerabilities, a project file which was saved using Kostac PLC Programming Software Version 1.6.9.0 and earlier needs to be saved again using Kostac PLC Programming Software Version 1.6.10.0 or later. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41375 |
CVE-2023-41902 | An XPC misconfiguration vulnerability in CoreCode MacUpdater before 2.3.8, and 3.x before 3.1.2, allows attackers to escalate privileges by crafting malicious .pkg files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41902 |
CVE-2023-37410 | IBM Personal Communications 14.05, 14.06, and 15.0.0 could allow a local user to escalate their privileges to the SYSTEM user due to overly permissive access controls. IBM X-Force ID: 260138. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37410 |
CVE-2023-43637 | Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key Roll an update that enforces the full 32bytes key usage. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43637 |
CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, macOS Monterey 12.7, watchOS 10.0.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41992 |
CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4504 |
CVE-2023-5068 | Delta Electronics DIAScreen may write past the end of an allocated buffer while parsing a specially crafted input file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5068 |
CVE-2023-43766 | Certain WithSecure products allow Local privilege escalation via the lhz archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43766 |
CVE-2023-34319 | The fix for XSA-423 added logic to Linux'es netback driver to deal with a frontend splitting a packet in a way such that not all of the headers would come in one piece. Unfortunately the logic introduced there didn't account for the extreme case of the entire packet being split into as many pieces as permitted by the protocol, yet still being smaller than the area that's specially dealt with to keep all (possible) headers together. Such an unusual packet would therefore trigger a buffer overrun in the driver. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34319 |
CVE-2023-0627 | Docker Desktop 4.11.x allows --no-windows-containers flag bypass via IPC response spoofing which may lead to Local Privilege Escalation (LPE).This issue affects Docker Desktop: 4.11.X. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0627 |
CVE-2023-0633 | In Docker Desktop on Windows before 4.12.0 an argument injection to installer may result in local privilege escalation (LPE).This issue affects Docker Desktop: before 4.12.0. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0633 |
CVE-2022-4318 | A vulnerability was found in cri-o. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4318 |
CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42753 |
CVE-2019-9017 | DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-9017 |
CVE-2019-1010283 | Univention Corporate Server univention-directory-notifier 12.0.1-3 and earlier is affected by: CWE-213: Intentional Information Exposure. The impact is: Loss of Confidentiality. The component is: function data_on_connection() in src/callback.c. The attack vector is: network connectivity. The fixed version is: 12.0.1-4 and later. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-1010283 |
CVE-2002-20001 | The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or D(HE)ater attack. The client needs very little CPU resources and network bandwidth. The attack may be more disruptive in cases where a client can require a server to select its largest supported key size. The basic attack scenario is that the client must claim that it can only communicate with DHE, and the server must be configured to allow DHE. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2002-20001 |
CVE-2021-44965 | Directory traversal vulnerability in /admin/includes/* directory for PHPGURUKUL Employee Record Management System 1.2 The attacker can retrieve and download sensitive information from the vulnerable server. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44965 |
CVE-2021-45462 | In Open5GS 2.4.0, a crafted packet from UE can crash SGW-U/UPF. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45462 |
CVE-2021-43045 | A vulnerability in the .NET SDK of Apache Avro allows an attacker to allocate excessive resources, potentially causing a denial-of-service attack. This issue affects .NET applications using Apache Avro version 1.10.2 and prior versions. Users should update to version 1.11.0 which addresses this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43045 |
CVE-2022-0391 | A flaw was found in Python, specifically within the urllib.parse module. This module helps break Uniform Resource Locator (URL) strings into components. The issue involves how the urlparse method does not sanitize input and allows characters like '\\r' and '\ ' in the URL path. This flaw allows an attacker to input a crafted URL, leading to injection attacks. This flaw affects Python versions prior to 3.10.0b1, 3.9.5, 3.8.11, 3.7.11 and 3.6.14. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0391 |
CVE-2022-32190 | JoinPath and URL.JoinPath do not remove ../ path elements appended to a relative path. For example, JoinPath("https://go.dev", "../go") returns the URL "https://go.dev/../go", despite the JoinPath documentation stating that ../ path elements are removed from the result. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-32190 |
CVE-2022-42965 | An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the snowflake-connector-python PyPI package, when an attacker is able to supply arbitrary input to the undocumented get_file_transfer_type method | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42965 |
CVE-2023-24329 | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24329 |
CVE-2022-30114 | A heap-based buffer overflow in a network service in Fastweb FASTGate MediaAccess FGA2130FWB, firmware version 18.3.n.0482_FW_230_FGA2130, and DGA4131FWB, firmware version up to 18.3.n.0462_FW_261_DGA4131, allows a remote attacker to reboot the device through a crafted HTTP request, causing DoS. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-30114 |
CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48560 |
CVE-2023-1409 | If the MongoDB Server running on Windows or macOS is configured to use TLS with a specific set of configuration options that are already known to work securely in other platforms (e.g. Linux), it is possible that client certificate validation may not be in effect, potentially allowing client to establish a TLS connection with the server that supplies any certificate. This issue affect all MongoDB Server v6.3 versions, MongoDB Server v5.0 versions v5.0.0 to v5.0.14 and all MongoDB Server v4.4 versions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1409 |
CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20900 |
CVE-2023-40589 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40589 |
CVE-2023-39350 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39350 |
CVE-2023-39351 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer. Which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39351 |
CVE-2023-39354 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39354 |
CVE-2023-28831 | The ANSI C OPC UA SDK contains an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation.\r \r This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28831 |
CVE-2023-41081 | The mod_jk component of Apache Tomcat Connectors in some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, mod_jk would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41081 |
CVE-2023-1108 | A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1108 |
CVE-2023-29499 | A flaw was found in GLib. GVariant deserialization fails to validate that the input conforms to the expected format, leading to denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29499 |
CVE-2023-38039 | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38039 |
CVE-2022-47848 | An issue was discovered in Bezeq Vtech NB403-IL version BZ_2.02.07.09.13.01 and Vtech IAD604-IL versions BZ_2.02.07.09.13.01, BZ_2.02.07.09.13T, and BZ_2.02.07.09.09T, allows remote attackers to gain sensitive information via rootDesc.xml page of the UPnP service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47848 |
CVE-2023-40018 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any ICE candidates with an unknown component ID, FreeSWITCH will make an out of bounds write to its arrays. By abusing this vulnerability, an attacker is able to corrupt FreeSWITCH memory leading to an undefined behavior of the system or a crash of it. Version 1.10.10 contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40018 |
CVE-2022-3261 | A flaw was found in OpenStack. Multiple components show plain-text passwords in /var/log/messages during the OpenStack overcloud update run, leading to a disclosure of sensitive information problem. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3261 |
CVE-2023-0813 | A flaw was found in the Network Observability plugin for OpenShift console. Unless the Loki authToken configuration is set to FORWARD mode, authentication is no longer enforced, allowing any user who can connect to the OpenShift Console in an OpenShift cluster to retrieve flows without authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0813 |
CVE-2023-41886 | OpenRefine is a powerful free, open source tool for working with messy data. Prior to version 3.7.5, an arbitrary file read vulnerability allows any unauthenticated user to read a file on a server. Version 3.7.5 fixes this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41886 |
CVE-2023-5027 | A vulnerability classified as critical was found in SourceCodester Simple Membership System 1.0. Affected by this vulnerability is an unknown functionality of the file club_validator.php. The manipulation of the argument club leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239869 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5027 |
CVE-2023-35851 | SUNNET WMPro portal's FAQ function has insufficient validation for user input. An unauthenticated remote attacker can inject arbitrary SQL commands to obtain sensitive information via a database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-35851 |
CVE-2023-42520 | Certain WithSecure products allow a remote crash of a scanning engine via unpacking of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42520 |
CVE-2023-42526 | Certain WithSecure products allow a remote crash of a scanning engine via decompression of crafted data files. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42526 |
CVE-2023-42521 | Certain WithSecure products allow a remote crash of a scanning engine via processing of a compressed file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42521 |
CVE-2023-42522 | Certain WithSecure products allow a remote crash of a scanning engine via processing of an import struct in a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42522 |
CVE-2023-42523 | Certain WithSecure products allow a remote crash of a scanning engine via unpacking of a PE file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42523 |
CVE-2023-42524 | Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42524 |
CVE-2023-42525 | Certain WithSecure products allow an infinite loop in a scanning engine via unspecified file types. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42525 |
CVE-2023-32187 | An Allocation of Resources Without Limits or Throttling vulnerability in SUSE k3s allows attackers with access to K3s servers' apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects k3s: from v1.24.0 before v1.24.17+k3s1, from v1.25.0 before v1.25.13+k3s1, from v1.26.0 before v1.26.8+k3s1, from sev1.27.0 before v1.27.5+k3s1, from v1.28.0 before v1.28.1+k3s1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32187 |
CVE-2023-42387 | An issue in TDSQL Chitu management platform v.10.3.19.5.0 allows a remote attacker to obtain sensitive information via get_db_info function in install.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42387 |
CVE-2023-41595 | An issue in xui-xray v1.8.3 allows attackers to obtain sensitive information via default password. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41595 |
CVE-2023-32186 | A Allocation of Resources Without Limits or Throttling vulnerability in SUSE RKE2 allows attackers with access to K3s servers apiserver/supervisor port (TCP 6443) cause denial of service. This issue affects RKE2: from 1.24.0 before 1.24.17+rke2r1, from v1.25.0 before v1.25.13+rke2r1, from v1.26.0 before v1.26.8+rke2r1, from v1.27.0 before v1.27.5+rke2r1, from v1.28.0 before v1.28.1+rke2r1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32186 |
CVE-2023-32649 | A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets. During the (limited) time window before the IDS module is automatically restarted, network traffic may not be analyzed. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32649 |
CVE-2023-41890 | Sustainsys.Saml2 library adds SAML2P support to ASP.NET web sites, allowing the web site to act as a SAML2 Service Provider. Prior to versions 1.0.3 and 2.9.2, when a response is processed, the issuer of the Identity Provider is not sufficiently validated. This could allow a malicious identity provider to craft a Saml2 response that is processed as if issued by another identity provider. It is also possible for a malicious end user to cause stored state intended for one identity provider to be used when processing the response from another provider. An application is impacted if they rely on any of these features in their authentication/authorization logic: the issuer of the generated identity and claims; or items in the stored request state (AuthenticationProperties). This issue is patched in versions 2.9.2 and 1.0.3. The `AcsCommandResultCreated` notification can be used to add the validation required if an upgrade to patched packages is not possible. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41890 |
CVE-2023-42444 | phonenumber is a library for parsing, formatting and validating international phone numbers. Prior to versions `0.3.3+8.13.9` and `0.2.5+8.11.3`, the phonenumber parsing code may panic due to a panic-guarded out-of-bounds access on the phonenumber string. In a typical deployment of `rust-phonenumber`, this may get triggered by feeding a maliciously crafted phonenumber over the network, specifically the string `.;phone-context=`. Versions `0.3.3+8.13.9` and `0.2.5+8.11.3` contain a patch for this issue. There are no known workarounds. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42444 |
CVE-2023-42447 | blurhash-rs is a pure Rust implementation of Blurhash, software for encoding images into ASCII strings that can be turned into a gradient of colors representing the original image. In version 0.1.1, the blurhash parsing code may panic due to multiple panic-guarded out-of-bounds accesses on untrusted input. In a typical deployment, this may get triggered by feeding a maliciously crafted blurhashes over the network. These may include UTF-8 compliant strings containing multi-byte UTF-8 characters. A patch is available in version 0.2.0, which requires user intervention because of slight API churn. No known workarounds are available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42447 |
CVE-2023-42450 | Mastodon is a free, open-source social network server based on ActivityPub. Starting in version 4.2.0-beta1 and prior to version 4.2.0-rc2, by crafting specific input, attackers can inject arbitrary data into HTTP requests issued by Mastodon. This can be used to perform confused deputy attacks if the server configuration includes `ALLOWED_PRIVATE_ADDRESSES` to allow access to local exploitable services. Version 4.2.0-rc2 has a patch for the issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42450 |
CVE-2023-42451 | Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2, under certain circumstances, attackers can exploit a flaw in domain name normalization to spoof domains they do not own. Versions 3.5.14, 4.0.10, 4.1.8, and 4.2.0-rc2 contain a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42451 |
CVE-2023-25525 | NVIDIA Cumulus Linux contains a vulnerability in forwarding where a VxLAN-encapsulated IPv6 packet received on an SVI interface with DMAC/DIPv6 set to the link-local address of the SVI interface may be incorrectly forwarded. A successful exploit may lead to information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25525 |
CVE-2023-25532 | NVIDIA DGX H100 BMC contains a vulnerability in IPMI, where an attacker may cause insufficient protection of credentials. A successful exploit of this vulnerability may lead to information disclosure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25532 |
CVE-2023-5042 | Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5042 |
CVE-2023-3341 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3341 |
CVE-2023-4236 | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4236 |
CVE-2022-3596 | An information leak was found in OpenStack's undercloud. This flaw allows unauthenticated, remote attackers to inspect sensitive data after discovering the IP address of the undercloud, possibly leading to compromising private information, including administrator access credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3596 |
CVE-2023-42147 | An issue in CloudExplorer Lite 1.3.1 allows an attacker to obtain sensitive information via the login key component. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42147 |
CVE-2023-39677 | MyPrestaModules Prestashop Module v6.2.9 and UpdateProducts Prestashop Module v3.6.9 were discovered to contain a PHPInfo information disclosure vulnerability via send.php. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39677 |
CVE-2023-37279 | Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param `days`. The vulnerability is related to how the backend reads the `days` URL query parameter in the Faktory web dashboard. The value is used directly without any checks to create a string slice. If a very large value is provided, the backend server ends up using a significant amount of memory and causing it to crash. Version 1.8.0 fixes this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-37279 |
CVE-2023-43669 | The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43669 |
CVE-2023-4152 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a path traversal vulnerability of the web interface by a crafted URL without authentication. This enables an remote attacker to read all files on the filesystem of the FDS101 device. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4152 |
CVE-2023-43274 | Phpjabbers PHP Shopping Cart 4.2 is vulnerable to SQL Injection via the id parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43274 |
CVE-2023-42457 | plone.rest allows users to use HTTP verbs such as GET, POST, PUT, DELETE, etc. in Plone. Starting in the 2.x branch and prior to versions 2.0.1 and 3.0.1, when the `++api++` traverser is accidentally used multiple times in a url, handling it takes increasingly longer, making the server less responsive. Patches are available in `plone.rest` 2.0.1 and 3.0.1. Series 1.x is not affected. As a workaround, one may redirect `/++api++/++api++` to `/++api++` in one's frontend web server (nginx, Apache). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42457 |
CVE-2023-42805 | quinn-proto is a state machine for the QUIC transport protocol. Prior to versions 0.9.5 and 0.10.5, receiving unknown QUIC frames in a QUIC packet could result in a panic. The problem has been fixed in 0.9.5 and 0.10.5 maintenance releases. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42805 |
CVE-2023-42280 | mee-admin 1.5 is vulnerable to Directory Traversal. The download method in the CommonFileController.java file does not verify the incoming data, resulting in arbitrary file reading. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42280 |
CVE-2023-42482 | Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42482 |
CVE-2023-38343 | An XXE (XML external entity injection) vulnerability exists in the CSEP component of Ivanti Endpoint Manager before 2022 SU4. External entity references are enabled in the XML parser configuration. Exploitation of this vulnerability can lead to file disclosure or Server Side Request Forgery. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38343 |
CVE-2023-31716 | FUXA <= 1.1.12 has a Local File Inclusion vulnerability via file=fuxa.log | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31716 |
CVE-2023-31717 | A SQL Injection attack in FUXA <= 1.1.12 allows exfiltration of confidential information from the database. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31717 |
CVE-2023-31718 | FUXA <= 1.1.12 is vulnerable to Local via Inclusion via /api/download. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31718 |
CVE-2023-43760 | Certain WithSecure products allow Denial of Service via a fuzzed PE32 file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43760 |
CVE-2023-43761 | Certain WithSecure products allow Denial of Service (infinite loop). This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43761 |
CVE-2023-43765 | Certain WithSecure products allow Denial of Service in the aeelf component. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43765 |
CVE-2023-43767 | Certain WithSecure products allow Denial of Service via the aepack archive unpack handler. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, Linux Security 64 12.0 , Linux Protection 12.0, and WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43767 |
CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43783 |
CVE-2023-42821 | The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Prior to pseudoversion `0.0.0-20230922105210-14b16010c2ee`, which corresponds with commit `14b16010c2ee7ff33a940a541d993bd043a88940`, parsing malformed markdown input with parser that uses parser.Mmark extension could result in out-of-bounds read vulnerability. To exploit the vulnerability, parser needs to have `parser.Mmark` extension set. The panic occurs inside the `citation.go` file on the line 69 when the parser tries to access the element past its length. This can result in a denial of service. Commit `14b16010c2ee7ff33a940a541d993bd043a88940`/pseudoversion `0.0.0-20230922105210-14b16010c2ee` contains a patch for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42821 |
CVE-2023-39408 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39408 |
CVE-2023-39409 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39409 |
CVE-2023-41298 | Vulnerability of permission control in the window module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41298 |
CVE-2023-41299 | DoS vulnerability in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41299 |
CVE-2023-41293 | Data security classification vulnerability in the DDMP module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41293 |
CVE-2023-41300 | Vulnerability of parameters not being strictly verified in the PMS module. Successful exploitation of this vulnerability may cause the system to restart. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41300 |
CVE-2023-41301 | Vulnerability of unauthorized API access in the PMS module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41301 |
CVE-2023-41302 | Redirection permission verification vulnerability in the home screen module. Successful exploitation of this vulnerability may cause features to perform abnormally. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41302 |
CVE-2023-41303 | Command injection vulnerability in the distributed file system module. Successful exploitation of this vulnerability may cause variables in the sock structure to be modified. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41303 |
CVE-2023-5156 | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5156 |
CVE-2023-43642 | snappy-java is a Java port of the snappy, a fast C++ compresser/decompresser developed by Google. The SnappyInputStream was found to be vulnerable to Denial of Service (DoS) attacks when decompressing data with a too large chunk size. Due to missing upper bound check on chunk length, an unrecoverable fatal error can occur. All versions of snappy-java including the latest released version 1.1.10.3 are vulnerable to this issue. A fix has been introduced in commit `9f8c3cf74` which will be included in the 1.1.10.4 release. Users are advised to upgrade. Users unable to upgrade should only accept compressed data from trusted sources. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43642 |
CVE-2023-38907 | An issue in TPLink Smart bulb Tapo series L530 v.1.0.0 and Tapo Application v.2.8.14 allows a remote attacker to obtain sensitive information via session key in the message function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38907 |
CVE-2023-29245 | A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sending specially crafted malicious network packets. Malicious users with extensive knowledge on the underlying system may be able to extract arbitrary information from the DBMS in an uncontrolled way, or to alter its structure and data. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29245 |
CVE-2023-3892 | Improper Restriction of XML External Entity Reference vulnerability in MIM Assistant and Client DICOM RTst Loading modules allows XML Entity Linking / XML External Entities Blowup. In order to take advantage of this vulnerability, an attacker must | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3892 |
CVE-2023-41929 | A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.) | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41929 |
CVE-2023-3025 | The Dropbox Folder Share plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.9.7 via the 'link' parameter. This can allow unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-3025 |
CVE-2023-35850 | SUNNET WMPro portal's file management function has a vulnerability of insufficient filtering for user input. A remote attacker with administrator privilege or a privileged account can exploit this vulnerability to inject and execute arbitrary system commands to perform arbitrary system operations or disrupt service. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-35850 |
CVE-2023-41443 | SQL injection vulnerability in Novel-Plus v.4.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the sort parameter in /sys/menu/list. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-41443 |
CVE-2023-31808 | Technicolor TG670 10.5.N.9 devices contain multiple accounts with hard-coded passwords. One account has administrative privileges, allowing for unrestricted access over the WAN interface if Remote Administration is enabled. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-31808 |
CVE-2023-41179 | A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and Worry-Free Business Security Services could allow an attacker to manipulate the module to execute arbitrary commands on an affected installation.\r \r Note that an attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-41179 |
CVE-2023-40934 | A SQL injection vulnerability in Nagios XI 5.11.1 and below allows authenticated attackers with privileges to manage host escalations in the Core Configuration Manager to execute arbitrary SQL commands via the host escalation notification settings. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-40934 |
CVE-2023-38886 | An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-38886 |
CVE-2023-40043 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit Transfer web interface which could result in modification and disclosure of MOVEit database content. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-40043 |
CVE-2023-3664 | The FileOrganizer WordPress plugin through 1.0.2 does not restrict functionality on multisite instances, allowing site admins to gain full control over the server. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-3664 |
CVE-2023-4238 | The Prevent files / folders access WordPress plugin before 2.5.2 does not validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4238 |
CVE-2023-4300 | The Import XML and RSS Feeds WordPress plugin before 2.1.4 does not filter file extensions for uploaded files, allowing an attacker to upload a malicious PHP file, leading to Remote Code Execution. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4300 |
CVE-2023-3567 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3567 |
CVE-2023-25584 | An out-of-bounds read flaw was found in the parse_module function in bfd/vms-alpha.c in Binutils. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-25584 |
CVE-2023-36562 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36562 |
CVE-2023-4156 | A heap out-of-bounds read flaw was found in builtin.c in the gawk package. This issue may lead to a crash and could be used to read sensitive information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4156 |
CVE-2017-1000376 | libffi requests an executable stack allowing attackers to more easily trigger arbitrary code execution by overwriting the stack. Please note that libffi is used by a number of other libraries. It was previously stated that this affects libffi version 3.2.1 but this appears to be incorrect. libffi prior to version 3.1 on 32 bit x86 systems was vulnerable, and upstream is believed to have fixed this issue in version 3.1. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2017-1000376 |
CVE-2023-3891 | Race condition in Lapce v0.2.8 allows an attacker to elevate privileges on the system | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-3891 |
CVE-2023-4680 | HashiCorp Vault and Vault Enterprise transit secrets engine allowed authorized users to specify arbitrary nonces, even with convergent encryption disabled. The encrypt endpoint, in combination with an offline attack, could be used to decrypt arbitrary ciphertext and potentially derive the authentication subkey when using transit secrets engine without convergent encryption. Introduced in 1.6.0 and fixed in 1.14.3, 1.13.7, and 1.12.11. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4680 |
CVE-2022-3916 | A flaw was found in the offline_access scope in Keycloak. This issue would affect users of shared computers more (especially if cookies are not cleared), due to a lack of root session validation, and the reuse of session ids across root and user authentication sessions. This enables an attacker to resolve a user session attached to a previously authenticated user; when utilizing the refresh token, they will be issued a token for the original user. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3916 |
CVE-2023-40930 | Skyworth 3.0 OS is vulnerable to Directory Traversal. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40930 |
CVE-2022-27635 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-27635 |
CVE-2022-40964 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-40964 |
CVE-2022-46329 | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-46329 |
CVE-2023-28736 | Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28736 |
CVE-2023-32461 | Dell PowerEdge BIOS and Dell Precision BIOS contain a buffer overflow vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, leading to corrupt memory and potentially escalate privileges. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32461 |
CVE-2023-41325 | OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.20 and prior to version 3.22, `shdr_verify_signature` can make a double free. `shdr_verify_signature` used to verify a TA binary before it is loaded. To verify a signature of it, allocate a memory for RSA key. RSA key allocate function (`sw_crypto_acipher_alloc_rsa_public_key`) will try to allocate a memory (which is optee’s heap memory). RSA key is consist of exponent and modulus (represent as variable `e`, `n`) and it allocation is not atomic way, so it may succeed in `e` but fail in `n`. In this case sw_crypto_acipher_alloc_rsa_public_key` will free on `e` and return as it is failed but variable ‘e’ is remained as already freed memory address . `shdr_verify_signature` will free again that memory (which is `e`) even it is freed when it failed allocate RSA key. A patch is available in version 3.22. No known workarounds are available. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41325 |
CVE-2018-12207 | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-12207 |
CVE-2022-22483 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to an information disclosure in some scenarios due to unauthorized access caused by improper privilege management when CREATE OR REPLACE command is used. IBM X-Force ID: 225979. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22483 |
CVE-2022-35637 | IBM Db2 for Linux, UNIX and Windows 9.7, 10.1, 10.5, 11.1, and 11.5 is vulnerable to a denial of service after entering a malformed SQL statement into the Db2expln tool. IBM X-Force ID: 230823. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35637 |
CVE-2023-2408 | A vulnerability, which was classified as critical, has been found in SourceCodester AC Repair and Services System 1.0. Affected by this issue is some unknown functionality of the file services/view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-227702 is the identifier assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2408 |
CVE-2023-2409 | A vulnerability, which was classified as critical, was found in SourceCodester AC Repair and Services System 1.0. This affects an unknown part of the file /admin/services/view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227703. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2409 |
CVE-2023-2410 | A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/bookings/view_booking.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227704. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2410 |
CVE-2023-2411 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227705 was assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2411 |
CVE-2023-2412 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-227706 is the identifier assigned to this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2412 |
CVE-2023-2413 | A vulnerability was found in SourceCodester AC Repair and Services System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookings/manage_booking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227707. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2413 |
CVE-2022-36351 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36351 |
CVE-2023-4456 | A flaw was found in openshift-logging LokiStack. The key used for caching is just the token, which is too broad. This issue allows a user with a token valid for one action to execute other actions as long as the authorization allowing the original action is still cached. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4456 |
CVE-2020-18651 | Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2 frame. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-18651 |
CVE-2020-18652 | Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to cause a denial of service via opening of crafted webp file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-18652 |
CVE-2023-4764 | Incorrect security UI in BFCache in Google Chrome prior to 116.0.5845.179 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: High) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4764 |
CVE-2023-4874 | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4874 |
CVE-2021-28485 | In Ericsson Mobile Switching Center Server (MSC-S) before IS 3.1 CP22, the SIS web application allows relative path traversal via a specific parameter in the https request after authentication, which allows access to files on the system that are not intended to be accessible via the web application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-28485 |
CVE-2023-4959 | A flaw was found in Quay. Cross-site request forgery (CSRF) attacks force a user to perform unwanted actions in an application. During the pentest, it was detected that the config-editor page is vulnerable to CSRF. The config-editor page is used to configure the Quay instance. By coercing the victim’s browser into sending an attacker-controlled request from another domain, it is possible to reconfigure the Quay instance (including adding users with admin privileges). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4959 |
CVE-2023-38706 | Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user can create an unlimited number of drafts with very long draft keys which may end up exhausting the resources on the server. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38706 |
CVE-2023-40019 | FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows authorized users to cause a denial of service attack by sending re-INVITE with SDP containing duplicate codec names. When a call in FreeSWITCH completes codec negotiation, the `codec_string` channel variable is set with the result of the negotiation. On a subsequent re-negotiation, if an SDP is offered that contains codecs with the same names but with different formats, there may be too many codec matches detected by FreeSWITCH leading to overflows of its internal arrays. By abusing this vulnerability, an attacker is able to corrupt stack of FreeSWITCH leading to an undefined behavior of the system or simply crash it. Version 1.10.10 contains a patch for this issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40019 |
CVE-2023-40588 | Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious user could add a 2FA or security key with a carefully crafted name to their account and cause a denial of service for other users. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40588 |
CVE-2023-41042 | Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, importing a remote theme loads their assets into memory without enforcing limits for file size or number of files. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41042 |
CVE-2023-41043 | Discourse is an open-source discussion platform. Prior to version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches, a malicious admin could create extremely large icons sprites, which would then be cached in each server process. This may cause server processes to be killed and lead to downtime. The issue is patched in version 3.1.1 of the `stable` branch and version 3.2.0.beta1 of the `beta` and `tests-passed` branches. This is only a concern for multisite installations. No action is required when the admins are trusted. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41043 |
CVE-2023-42439 | GeoNode is an open source platform that facilitates the creation, sharing, and collaborative use of geospatial data. A SSRF vulnerability exists starting in version 3.2.0, bypassing existing controls on the software. This can allow a user to request internal services for a full read SSRF, returning any data from the internal network. The application is using a whitelist, but the whitelist can be bypassed. The bypass will trick the application that the first host is a whitelisted address, but the browser will use `@` or `%40` as a credential to the host geoserver on port 8080, this will return the data to that host on the response. Version 4.1.3.post1 is the first available version that contains a patch. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42439 |
CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4527 |
CVE-2023-39043 | An information leak in YKC Tokushima_awayokocho Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39043 |
CVE-2023-39058 | An information leak in THE_B_members card v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39058 |
CVE-2023-39046 | An information leak in TonTon-Tei_waiting Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39046 |
CVE-2023-42446 | Pow is a authentication and user management solution for Phoenix and Plug-based apps. Starting in version 1.0.14 and prior to version 1.0.34, use of `Pow.Store.Backend.MnesiaCache` is susceptible to session hijacking as expired keys are not being invalidated correctly on startup. A session may expire when all `Pow.Store.Backend.MnesiaCache` instances have been shut down for a period that is longer than a session's remaining TTL. Version 1.0.34 contains a patch for this issue. As a workaround, expired keys, including all expired sessions, can be manually invalidated. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42446 |
CVE-2023-2567 | A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality, allows an authenticated attacker to execute arbitrary SQL queries on the DBMS used by the web application. Authenticated users can extract arbitrary information from the DBMS in an uncontrolled way. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2567 |
CVE-2023-40931 | A SQL injection vulnerability in Nagios XI from version 5.11.0 up to and including 5.11.1 allows authenticated attackers to execute arbitrary SQL commands via the ID parameter in the POST request to /nagiosxi/admin/banner_message-ajaxhelper.php | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40931 |
CVE-2023-25526 | NVIDIA Cumulus Linux contains a vulnerability in neighmgrd and nlmanager where an attacker on an adjacent network may cause an uncaught exception by injecting a crafted packet. A successful exploit may lead to denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25526 |
CVE-2022-45447 | M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to a directory traversal vulnerability. The “f” parameter is not properly checked in the resource /m4pdf/pdf.php, returning any file given its relative path. An attacker that exploits this vulnerability could download /etc/passwd from the server if the file exists. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45447 |
CVE-2023-2508 | The `PaperCutNG Mobility Print` version 1.0.3512 application allows an unauthenticated attacker to perform a CSRF attack on an instance administrator to configure the clients host (in the "configure printer discovery" section). This is possible because the application has no protections against CSRF attacks, like Anti-CSRF tokens, header origin validation, samesite cookies, etc. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2508 |
CVE-2023-43501 | A missing permission check in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43501 |
CVE-2023-39044 | An information leak in ajino-Shiretoko Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39044 |
CVE-2023-39041 | An information leak in KUKURUDELI Line v13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39041 |
CVE-2023-39045 | An information leak in kokoroe_members card Line 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39045 |
CVE-2023-39052 | An information leak in Earthgarden_waiting 13.6.1 allows attackers to obtain the channel access token and send crafted messages. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39052 |
CVE-2023-42334 | An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42334 |
CVE-2023-5104 | Improper Input Validation in GitHub repository nocodb/nocodb prior to 0.96.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5104 |
CVE-2023-42806 | Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, not signing and verifying `$\\mathsf{cid}$` allows an attacker (which must be a participant of this head) to use a snapshot from an old head instance with the same participants to close the head or contest the state with it. This can lead to an incorrect distribution of value (= value extraction attack; hard, but possible) or prevent the head to finalize because the value available is not consistent with the closed utxo state (= denial of service; easy). A patch is planned for version 0.13.0. As a workaround, rotate keys between heads so not to re-use keys and not result in the same multi-signature participants. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42806 |
CVE-2023-38344 | An issue was discovered in Ivanti Endpoint Manager before 2022 SU4. A file disclosure vulnerability exists in the GetFileContents SOAP action exposed via /landesk/managementsuite/core/core.secure/OsdScript.asmx. The application does not sufficiently restrict user-supplied paths, allowing for an authenticated attacker to read arbitrary files from a remote system, including the private key used to authenticate to agents for remote access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38344 |
CVE-2023-23766 | An incorrect comparison vulnerability was identified in GitHub Enterprise Server that allowed commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To do so, an attacker would need write access to the repository. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.6.17, 3.7.15, 3.8.8, 3.9.3, and 3.10.1. This vulnerability was reported via the GitHub Bug Bounty program. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23766 |
CVE-2023-43640 | TaxonWorks is a web-based workbench designed for taxonomists and biodiversity scientists. Prior to version 0.34.0, a SQL injection vulnerability was found in TaxonWorks that allows authenticated attackers to extract arbitrary data from the TaxonWorks database (including the users table). This issue may lead to information disclosure. Version 0.34.0 contains a fix for the issue. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43640 |
CVE-2023-43256 | A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43256 |
CVE-2023-5166 | Docker Desktop before 4.23.0 allows Access Token theft via a crafted extension icon URL. This issue affects Docker Desktop: before 4.23.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5166 |
CVE-2023-43132 | szvone vmqphp <=1.13 is vulnerable to SQL Injection. Unauthorized remote users can use sql injection attacks to obtain the hash of the administrator password. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43132 |
CVE-2023-4258 | In Bluetooth mesh implementation If provisionee has a public key that is sent OOB then during provisioning it can be sent back and will be accepted by provisionee. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4258 |
CVE-2023-4994 | The Allow PHP in Posts and Pages plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.0.4 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4994 |
CVE-2015-8856 | Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2015-8856 |
CVE-2020-6205 | SAP NetWeaver AS ABAP Business Server Pages (Smart Forms), SAP_BASIS versions- 7.00, 7.01, 7.02, 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, 7.51, 7.52, 7.53, 7.54; does not sufficiently encode user controlled inputs, allowing an unauthenticated attacker to non-permanently deface or modify displayed content and/or steal authentication information of the user and/or impersonate the user and access all information with the same rights as the target user, leading to Reflected Cross Site Scripting Vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6205 |
CVE-2021-40732 | XMP Toolkit version 2020.1 (and earlier) is affected by a null pointer dereference vulnerability that could result in leaking data from certain memory locations and causing a local denial of service in the context of the current user. User interaction is required to exploit this vulnerability in that the victim will need to open a specially crafted MXF file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-40732 |
CVE-2023-2667 | A vulnerability has been found in SourceCodester Lost and Found Information System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-228883. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2667 |
CVE-2023-2671 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file classes/Master.php?f=save_inquiry of the component Contact Form. The manipulation of the argument fullname/contact/message leads to cross site scripting. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228887. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2671 |
CVE-2023-3659 | A vulnerability has been found in SourceCodester AC Repair and Services System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file admin/?page=user/manage_user. The manipulation of the argument firstname/middlename leads to cross site scripting. The attack can be launched remotely. The identifier VDB-234013 was assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3659 |
CVE-2023-36159 | Cross Site Scripting (XSS) vulnerability in sourcecodester Lost and Found Information System 1.0 allows remote attackers to run arbitrary code via the First Name, Middle Name and Last Name fields on the Create User page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36159 |
CVE-2023-41080 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. The vulnerability is limited to the ROOT (default) web application. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41080 |
CVE-2023-40869 | Cross Site Scripting vulnerability in mooSocial mooSocial Software 3.1.6 and 3.1.7 allows a remote attacker to execute arbitrary code via a crafted script to the edit_menu, copuon, and group_categorias functions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40869 |
CVE-2023-4978 | Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4978 |
CVE-2023-4973 | A vulnerability was found in Academy LMS 6.2 on Windows. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /academy/tutor/filter of the component GET Parameter Handler. The manipulation of the argument searched_word/searched_tution_class_type[]/searched_price_type[]/searched_duration[] leads to cross site scripting. The attack can be launched remotely. The identifier VDB-239749 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4973 |
CVE-2023-4663 | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Saphira Saphira Connect allows Reflected XSS.This issue affects Saphira Connect: before 9. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4663 |
CVE-2023-36727 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36727 |
CVE-2023-5015 | A vulnerability was found in UCMS 1.4.7. It has been classified as problematic. Affected is an unknown function of the file ajax.php?do=strarraylist. The manipulation of the argument strdefault leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239856. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5015 |
CVE-2023-38040 | A reflected XSS vulnerability exists in Revive Adserver 5.4.1 and earlier versions.. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38040 |
CVE-2023-5021 | A vulnerability, which was classified as problematic, was found in SourceCodester AC Repair and Services System 1.0. Affected is an unknown function of the file admin/?page=system_info/contact_information. The manipulation of the argument telephone/mobile/address leads to cross site scripting. It is possible to launch the attack remotely. VDB-239862 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5021 |
CVE-2023-5026 | A vulnerability classified as problematic has been found in Tongda OA 11.10. Affected is an unknown function of the file /general/ipanel/menu_code.php?MENU_TYPE=FAV. The manipulation of the argument OA_SUB_WINDOW leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-239868. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5026 |
CVE-2023-42399 | Cross Site Scripting vulnerability in xdsoft.net Jodit Editor v.4.0.0-beta.86 allows a remote attacker to obtain sensitive information via the rich text editor component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42399 |
CVE-2023-41834 | Improper Neutralization of CRLF Sequences in HTTP Headers in Apache Flink Stateful Functions 3.1.0, 3.1.1 and 3.2.0 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted HTTP requests. Attackers could potentially inject malicious content into the HTTP response that is sent to the user's browser. Users should upgrade to Apache Flink Stateful Functions version 3.3.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41834 |
CVE-2023-4093 | Reflected and persistent XSS vulnerability in Arconte Áurea, in its 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to inject malicious JavaScript code, compromise the victim's browser and take control of it, redirect the user to malicious domains or access information being viewed by the legitimate user. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4093 |
CVE-2023-5084 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5084 |
CVE-2022-45448 | M4 PDF plugin for Prestashop sites, in its 3.2.3 version and before, is vulnerable to an arbitrary HTML Document crafting vulnerability. The resource /m4pdf/pdf.php uses templates to dynamically create documents. In the case that the template does not exist, the application will return a fixed document with a message in mpdf format. An attacker could exploit this vulnerability by inputting a valid HTML/CSS document as the value of the parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-45448 |
CVE-2023-42656 | In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a reflected cross-site scripting (XSS) vulnerability has been identified in MOVEit Transfer's web interface. An attacker could craft a malicious payload targeting MOVEit Transfer users during the package composition procedure. If a MOVEit user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42656 |
CVE-2023-40618 | A reflected cross-site scripting (XSS) vulnerability in OpenKnowledgeMaps Head Start versions 4, 5, 6, 7 as well as Visual Project Explorer 1.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'service' parameter in 'headstart_snapshot.php'. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40618 |
CVE-2023-38875 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'validator' parameter in '/reset-password'. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38875 |
CVE-2023-38876 | A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in '/reset-password'. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38876 |
CVE-2018-5478 | Contao 3.x before 3.5.32 allows XSS via the unsubscribe module in the frontend newsletter extension. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-5478 |
CVE-2023-43763 | Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43763 |
CVE-2023-43770 | Roundcube before 1.4.14, 1.5.x before 1.5.4, and 1.6.x before 1.6.3 allows XSS via text/plain e-mail messages with crafted links because of program/lib/Roundcube/rcube_string_replacer.php behavior. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43770 |
CVE-2023-41874 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Tyche Softwares Order Delivery Date for WooCommerce plugin <= 3.20.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41874 |
CVE-2023-41872 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Xtemos WoodMart plugin <= 7.2.4 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41872 |
CVE-2023-43339 | Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43339 |
CVE-2023-4148 | The Ditty WordPress plugin before 3.1.25 does not sanitise and escape some parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4148 |
CVE-2023-4476 | The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4476 |
CVE-2023-4549 | The DoLogin Security WordPress plugin before 3.7 does not properly sanitize IP addresses coming from the X-Forwarded-For header, which can be used by attackers to conduct Stored XSS attacks via WordPress' login form. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4549 |
CVE-2023-41863 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Pepro Dev. Group PeproDev CF7 Database plugin <= 1.7.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41863 |
CVE-2023-41867 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in AcyMailing Newsletter Team AcyMailing plugin <= 8.6.2 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41867 |
CVE-2023-41868 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ram Ratan Maurya, Codestag StagTools plugin <= 2.3.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41868 |
CVE-2023-41871 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Poll Maker Team Poll Maker plugin <= 4.7.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41871 |
CVE-2023-43319 | Cross Site Scripting (XSS) vulnerability in the Sign-In page of IceWarp WebClient 10.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43319 |
CVE-2023-42426 | Cross-site scripting (XSS) vulnerability in Froala Froala Editor v.4.1.1 allows remote attackers to execute arbitrary code via the 'Insert link' parameter in the 'Insert Image' component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42426 |
CVE-2023-43326 | mooSocial v3.1.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the change email function. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43326 |
CVE-2023-43325 | A reflected cross-site scripting (XSS) vulnerability in the data[redirect_url] parameter of mooSocial v3.1.8 allows attackers to steal user's session cookies and impersonate their account via a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43325 |
CVE-2021-23336 | The package python/cpython from 0 and before 3.6.13, from 3.7.0 and before 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2 are vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and urllib.parse.parse_qs by using a vector called parameter cloaking. When the attacker can separate query parameters using a semicolon (;), they can cause a difference in the interpretation of the request between the proxy (running with default configuration) and the server. This can result in malicious requests being cached as completely safe ones, as the proxy would usually not see the semicolon as a separator, and therefore would not include it in a cache key of an unkeyed parameter. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2021-23336 |
CVE-2023-4813 | A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4813 |
CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4806 |
CVE-2023-38353 | MiniTool Power Data Recovery version 11.6 and before contains an insecure in-app payment system that allows attackers to steal highly sensitive information through a man in the middle attack. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-38353 |
CVE-2023-39252 | Dell SCG Policy Manager 5.16.00.14 contains a broken cryptographic algorithm vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by performing MitM attacks and let attackers obtain sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-39252 |
CVE-2023-5054 | The Super Store Finder plugin for WordPress is vulnerable to unauthenticated arbitrary email creation and relay in versions up to, and including, 6.9.2. This is due to insufficient restrictions on the sendMail.php file that allows direct access. This makes it possible for unauthenticated attackers to send emails utilizing the vulnerable site's server, with arbitrary content. Please note that this vulnerability has already been publicly disclosed with an exploit which is why we are publishing the details without a patch available, we are attempting to initiate contact with the developer. | 5.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5054 |
CVE-2022-3563 | A vulnerability classified as problematic has been found in Linux Kernel. Affected is the function read_50_controller_cap_complete of the file tools/mgmt-tester.c of the component BlueZ. The manipulation of the argument cap_len leads to null pointer dereference. It is recommended to apply a patch to fix this issue. VDB-211086 is the identifier assigned to this vulnerability. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-3563 |
CVE-2023-4875 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4875 |
CVE-2023-36472 | Strapi is an open-source headless content management system. Prior to version 4.11.7, an unauthorized actor can get access to user reset password tokens if they have the configure view permissions. The `/content-manager/relations` route does not remove private fields or ensure that they can't be selected. This issue is fixed in version 4.11.7. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36472 |
CVE-2020-0550 | Improper data forwarding in some data cache for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. The list of affected products is provided in intel-sa-00330: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00330.html | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-0550 |
CVE-2020-0551 | Load value injection in some Intel(R) Processors utilizing speculative execution may allow an authenticated user to potentially enable information disclosure via a side channel with local access. The list of affected products is provided in intel-sa-00334: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00334.html | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2020-0551 |
CVE-2021-36056 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in arbitrary code execution in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36056 |
CVE-2021-36058 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by an Integer Overflow vulnerability potentially resulting in application-level denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-36058 |
CVE-2021-40716 | XMP Toolkit SDK versions 2021.07 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40716 |
CVE-2021-42528 | XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when parsing a specially crafted file. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-42528 |
CVE-2022-3637 | A vulnerability has been found in Linux Kernel and classified as problematic. This vulnerability affects the function jlink_init of the file monitor/jlink.c of the component BlueZ. The manipulation leads to denial of service. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-211936. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3637 |
CVE-2021-33642 | When a file is processed, an infinite loop occurs in next_inline() of the more_curly() function. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-33642 |
CVE-2023-20593 | An issue in “Zen 2” CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20593 |
CVE-2023-38560 | An integer overflow flaw was found in pcl/pl/plfont.c:418 in pl_glyph_name in ghostscript. This issue may allow a local attacker to cause a denial of service via transforming a crafted PCL file to PDF format. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38560 |
CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20588 |
CVE-2020-21047 | The libcpu component which is used by libasm of elfutils version 0.177 (git 47780c9e), suffers from denial-of-service vulnerability caused by application crashes due to out-of-bounds write (CWE-787), off-by-one error (CWE-193) and reachable assertion (CWE-617); to exploit the vulnerability, the attackers need to craft certain ELF files which bypass the missing bound checks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21047 |
CVE-2020-21710 | A divide by zero issue discovered in eps_print_page in gdevepsn.c in Artifex Software GhostScript 9.50 allows remote attackers to cause a denial of service via opening of crafted PDF file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21710 |
CVE-2023-38558 | A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38558 |
CVE-2023-32611 | A flaw was found in GLib. GVariant deserialization is vulnerable to a slowdown issue where a crafted GVariant can cause excessive processing, leading to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32611 |
CVE-2023-32665 | A flaw was found in GLib. GVariant deserialization is vulnerable to an exponential blowup issue where a crafted GVariant can cause excessive processing, leading to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32665 |
CVE-2023-25585 | A flaw was found in Binutils. The use of an uninitialized field in the struct module *module may lead to application crash and local denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25585 |
CVE-2023-25586 | A flaw was found in Binutils. A logic fail in the bfd_init_section_decompress_status function may lead to the use of an uninitialized variable that can cause a crash and local denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25586 |
CVE-2023-25588 | A flaw was found in Binutils. The field `the_bfd` of `asymbol`struct is uninitialized in the `bfd_mach_o_get_synthetic_symtab` function, which may lead to an application crash and local denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-25588 |
CVE-2023-36160 | An issue was discovered in Qubo Smart Plug10A version HSP02_01_01_14_SYSTEM-10 A, allows local attackers to gain sensitive information and other unspecified impact via UART console. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36160 |
CVE-2023-43114 | An issue was discovered in Qt before 5.15.16, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3 on Windows. When using the GDI font engine, if a corrupted font is loaded via QFontDatabase::addApplicationFont{FromData], then it can cause the application to crash because of missing length checks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43114 |
CVE-2020-24089 | An issue was discovered in ImfHpRegFilter.sys in IOBit Malware Fighter version 8.0.2, allows local attackers to cause a denial of service (DoS). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-24089 |
CVE-2023-43616 | An issue was discovered in Croc through 9.6.5. A sender can cause a receiver to overwrite files during ZIP extraction. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43616 |
CVE-2023-22644 | An Innsertion of Sensitive Information into Log File vulnerability in SUSE SUSE Manager Server Module 4.2 spacewalk-java, SUSE SUSE Manager Server Module 4.3 spacewalk-java causes sensitive information to be logged. This issue affects SUSE Manager Server Module 4.2: before 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3: before 4.3.58-150400.3.46.4. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22644 |
CVE-2023-20597 | Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20597 |
CVE-2023-22024 | In the Unbreakable Enterprise Kernel (UEK), the RDS module in UEK has two setsockopt(2) options, RDS_CONN_RESET and RDS6_CONN_RESET, that are not re-entrant. A malicious local user with CAP_NET_ADMIN can use this to crash the kernel. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22024 |
CVE-2023-4753 | OpenHarmony v3.2.1 and prior version has a liteos-a kernel may crash caused by mqueue undetected entries vulnerability. Local attackers can crash liteos-a kernel by the error input | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4753 |
CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in iOS 16.7 and iPadOS 16.7, OS 17.0.1 and iPadOS 17.0.1, watchOS 9.6.3, macOS Ventura 13.6, watchOS 10.0.1. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41991 |
CVE-2023-43090 | A vulnerability was found in GNOME Shell. GNOME Shell's lock screen allows an unauthenticated local user to view windows of the locked desktop session by using keyboard shortcuts to unlock the restricted functionality of the screenshot tool. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43090 |
CVE-2023-43771 | In nqptp-message-handlers.c in nqptp before 1.2.3, crafted packets received on the control port could crash the program. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43771 |
CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43782 |
CVE-2023-42811 | aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42811 |
CVE-2023-1633 | A credentials leak flaw was found in OpenStack Barbican. This flaw allows a local authenticated attacker to read the configuration file, gaining access to sensitive credentials. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1633 |
CVE-2023-5158 | A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5158 |
CVE-2021-37781 | Employee Record Management System v 1.2 is vulnerable to Cross Site Scripting (XSS) via editempprofile.php. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-37781 |
CVE-2023-3017 | A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been classified as problematic. This affects an unknown part of the file admin/?page=user/manage_user of the component Manage User Page. The manipulation of the argument First Name/Middle Name/Last Name leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-230361 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3017 |
CVE-2023-35011 | IBM Cognos Analytics 11.1.7, 11.2.0, and 11.2.1 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 257705. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-35011 |
CVE-2023-40984 | A reflected cross-site scripting (XSS) vulnerability in the File Manager function of Webmin v2.100 allows attackers to execute malicious scripts via injecting a crafted payload into the Replace in Results file. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40984 |
CVE-2023-40985 | An issue was discovered in Webmin 2.100. The File Manager functionality allows an attacker to exploit a Cross-Site Scripting (XSS) vulnerability. By providing a malicious payload, an attacker can inject arbitrary code, which is then executed within the context of the victim's browser when any file is searched/replaced. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40985 |
CVE-2023-40986 | A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web sripts or HTML via a crafted payload injected into the Custom field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40986 |
CVE-2023-4977 | Code Injection in GitHub repository librenms/librenms prior to 23.9.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4977 |
CVE-2023-4979 | Cross-site Scripting (XSS) - Reflected in GitHub repository librenms/librenms prior to 23.9.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4979 |
CVE-2023-4980 | Cross-site Scripting (XSS) - Generic in GitHub repository librenms/librenms prior to 23.9.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4980 |
CVE-2023-4981 | Cross-site Scripting (XSS) - DOM in GitHub repository librenms/librenms prior to 23.9.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4981 |
CVE-2023-4982 | Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 23.9.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4982 |
CVE-2023-40982 | A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40982 |
CVE-2023-41436 | Cross Site Scripting vulnerability in CSZCMS v.1.3.0 allows a local attacker to execute arbitrary code via a crafted script to the Additional Meta Tag parameter in the Pages Content Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41436 |
CVE-2023-39777 | A cross-site scripting (XSS) vulnerability in the Admin Control Panel of vBulletin 5.7.5 and 6.0.0 allows attackers to execute arbitrary web scripts or HTML via the /login.php?do=login url parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39777 |
CVE-2023-5001 | The Horizontal scrolling announcement for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'horizontal-scrolling' shortcode in versions up to, and including, 9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5001 |
CVE-2023-41157 | Multiple stored cross-site scripting (XSS) vulnerabilities in Usermin 2.000 allow remote attackers to inject arbitrary web script or HTML via the folder name parameter while creating the folder to manage the folder tab, filter tab, and forward mail tab. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41157 |
CVE-2023-5013 | A vulnerability has been found in Pluck CMS 4.7.18 and classified as problematic. This vulnerability affects unknown code of the file install.php of the component Installation Handler. The manipulation of the argument contents with the input --redacted-- leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-239854 is the identifier assigned to this vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5013 |
CVE-2023-5025 | A vulnerability was found in KOHA up to 23.05.03. It has been declared as problematic. This vulnerability affects unknown code of the file /cgi-bin/koha/catalogue/search.pl of the component MARC. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239866 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5025 |
CVE-2023-42371 | Cross Site Scripting vulnerability in Summernote Rich Text Editor v.0.8.18 and before allows a remote attacker to execute arbitrary code via a crafted script to the insert link function in the editor component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-42371 |
CVE-2023-23957 | An authenticated user can see and modify the value for ‘next’ query parameter in Symantec Identity Portal 14.4 | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-23957 |
CVE-2023-42452 | Mastodon is a free, open-source social network server based on ActivityPub. In versions on the 4.x branch prior to versions 4.0.10, 4.2.8, and 4.2.0-rc2, under certain conditions, attackers can abuse the translation feature to bypass the server-side HTML sanitization, allowing unescaped HTML to execute in the browser. The impact is limited thanks to Mastodon's strict Content Security Policy, blocking inline scripts, etc. However a CSP bypass or loophole could be exploited to execute malicious XSS. Furthermore, it requires user interaction, as this can only occur upon clicking the “Translate” button on a malicious post. Versions 4.0.10, 4.2.8, and 4.2.0-rc2 contain a patch for this issue. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-42452 |
CVE-2023-43566 | In JetBrains TeamCity before 2023.05.4 stored XSS was possible during nodes configuration | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43566 |
CVE-2023-40932 | A Cross-site scripting (XSS) vulnerability in Nagios XI version 5.11.1 and below allows authenticated attackers with access to the custom logo component to inject arbitrary javascript or HTML via the alt-text field. This affects all pages containing the navbar including the login page which means the attacker is able to to steal plaintext credentials. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40932 |
CVE-2023-39575 | A reflected cross-site scripting (XSS) vulnerability in the url_str URL parameter of ISL ARP Guard v4.0.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39575 |
CVE-2023-5062 | The WordPress Charts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wp_charts' shortcode in versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5062 |
CVE-2023-5063 | The Widget Responsive for Youtube plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'youtube' shortcode in versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5063 |
CVE-2023-43495 | Jenkins 2.423 and earlier, LTS 2.414.1 and earlier does not escape the value of the 'caption' constructor parameter of 'ExpandableDetailsNote', resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control this parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43495 |
CVE-2023-43499 | Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier does not escape Failure Cause names in build logs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create or update Failure Causes. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43499 |
CVE-2023-43376 | A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43376 |
CVE-2023-43377 | A cross-site scripting (XSS) vulnerability in /hoteldruid/visualizza_contratto.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the destinatario_email1 parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43377 |
CVE-2023-36234 | Cross Site Scripting (XSS) vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36234 |
CVE-2023-41048 | plone.namedfile allows users to handle `File` and `Image` fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by making sure SVG images are always downloaded instead of shown inline. But the same problem still exists for scales of SVG images. Note that an image tag with an SVG image as source is not vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in versions 5.6.1 (for Plone 5.2), 6.0.3 (for Plone 6.0.0-6.0.4), 6.1.3 (for Plone 6.0.5-6.0.6), and 6.2.1 (for Plone 6.0.7). There are no known workarounds. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41048 |
CVE-2023-42458 | Zope is an open-source web application server. Prior to versions 4.8.10 and 5.8.5, there is a stored cross site scripting vulnerability for SVG images. Note that an image tag with an SVG image as source is never vulnerable, even when the SVG image contains malicious code. To exploit the vulnerability, an attacker would first need to upload an image, and then trick a user into following a specially crafted link. Patches are available in Zope 4.8.10 and 5.8.5. As a workaround, make sure the "Add Documents, Images, and Files" permission is only assigned to trusted roles. By default, only the Manager has this permission. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-42458 |
CVE-2023-4716 | The Media Library Assistant plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mla_gallery' shortcode in versions up to, and including, 3.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4716 |
CVE-2023-4774 | The WP-Matomo Integration (WP-Piwik) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp-piwik' shortcode in versions up to, and including, 1.0.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4774 |
CVE-2023-5125 | The Contact Form by FormGet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'formget' shortcode in versions up to, and including, 5.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5125 |
CVE-2023-43456 | Cross Site Scripting vulnerability in Service Provider Management System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the firstname, middlename and lastname parameters in the /php-spms/admin/?page=user endpoint. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43456 |
CVE-2023-42817 | Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. The translation value with text including “%s” (from “%suggest%) is parsed by sprintf() even though it’s supposed to be output literally to the user. The translations may be accessible by a user with comparatively lower overall access (as the translation permission cannot be scoped to certain “modules”) and a skilled attacker might be able to exploit the parsing of the translation string in the dialog box. This issue has been patched in commit `abd77392` which is included in release 1.1.2. Users are advised to update to version 1.1.2 or apply the patch manually. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-42817 |
CVE-2023-43458 | Cross Site Scripting (XSS) vulnerability in Resort Reservation System v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the room, name, and description parameters in the manage_room function. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43458 |
CVE-2023-26916 | libyang from v2.0.164 to v2.1.30 was discovered to contain a NULL pointer dereference via the function lys_parse_mem at lys_parse_mem.c. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26916 |
CVE-2023-31445 | Cassia Access controller before 2.1.1.2203171453, was discovered to have a unprivileged -information disclosure vulnerability that allows read-only users have the ability to enumerate all other users and discover e-mail addresses, phone numbers, and privileges of all other users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31445 |
CVE-2023-3817 | Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. After fixing CVE-2023-3446 it was discovered that a large q parameter value can also trigger an overly long computation during some of these checks. A correct q value, if present, cannot be larger than the modulus p parameter, thus it is unnecessary to perform these checks if q is larger than p. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the "-check" option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3817 |
CVE-2023-32003 | `fs.mkdtemp()` and `fs.mkdtempSync()` can be used to bypass the permission model check using a path traversal attack. This flaw arises from a missing check in the fs.mkdtemp() API and the impact is a malicious actor could create an arbitrary directory. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32003 |
CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40217 |
CVE-2023-32005 | A vulnerability has been identified in Node.js version 20, affecting users of the experimental permission model when the --allow-fs-read flag is used with a non-* argument. This flaw arises from an inadequate permission model that fails to restrict file stats through the `fs.statfs` API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32005 |
CVE-2022-3466 | The version of cri-o as released for Red Hat OpenShift Container Platform 4.9.48, 4.10.31, and 4.11.6 via RHBA-2022:6316, RHBA-2022:6257, and RHBA-2022:6658, respectively, included an incorrect version of cri-o missing the fix for CVE-2022-27652, which was previously fixed in OCP 4.9.41 and 4.10.12 via RHBA-2022:5433 and RHSA-2022:1600. This issue could allow an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. For more details, see https://access.redhat.com/security/cve/CVE-2022-27652. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3466 |
CVE-2023-40167 | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40167 |
CVE-2023-41880 | Wasmtime is a standalone runtime for WebAssembly. Wasmtime versions from 10.0.0 to versions 10.02, 11.0.2, and 12.0.1 contain a miscompilation of the WebAssembly `i64x2.shr_s` instruction on x86_64 platforms when the shift amount is a constant value that is larger than 32. Only x86_64 is affected so all other targets are not affected by this. The miscompilation results in the instruction producing an incorrect result, namely the low 32-bits of the second lane of the vector are derived from the low 32-bits of the second lane of the input vector instead of the high 32-bits. The primary impact of this issue is that any WebAssembly program using the `i64x2.shr_s` with a constant shift amount larger than 32 may produce an incorrect result. This issue is not an escape from the WebAssembly sandbox. Execution of WebAssembly guest programs will still behave correctly with respect to memory sandboxing and isolation from the host. Wasmtime considers non-spec-compliant behavior as a security issue nonetheless. This issue was discovered through fuzzing of Wasmtime's code generator Cranelift. Wasmtime versions 10.0.2, 11.0.2, and 12.0.2 are all patched to no longer have this miscompilation. This issue only affects x86_64 hosts and the only workaround is to either scan for this pattern in wasm modules which is nontrivial or to disable the SIMD proposal for WebAssembly. Users prior to 10.0.0 are unaffected by this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41880 |
CVE-2023-41889 | SHIRASAGI is a Content Management System. Prior to version 1.18.0, SHIRASAGI is vulnerable to a Post-Unicode normalization issue. This happens when a logical validation or a security check is performed before a Unicode normalization. The Unicode character equivalent of a character would resurface after the normalization. The fix is initially performing the Unicode normalization and then strip for all whitespaces and then checking for a blank string. This issue has been fixed in version 1.18.0. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41889 |
CVE-2023-42442 | JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not affected. The api `/api/v1/terminal/sessions/` permission control is broken and can be accessed anonymously. SessionViewSet permission classes set to `[RBACPermission | IsSessionAssignee]`, relation is or, so any permission matched will be allowed. Versions 3.5.5 and 3.6.4 have a fix. After upgrading, visit the api `$HOST/api/v1/terminal/sessions/?limit=1`. The expected http response code is 401 (`not_authenticated`). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42442 |
CVE-2023-42441 | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). Starting in version 0.2.9 and prior to version 0.3.10, locks of the type `@nonreentrant("")` or `@nonreentrant('')` do not produce reentrancy checks at runtime. This issue is fixed in version 0.3.10. As a workaround, ensure the lock name is a non-empty string. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42441 |
CVE-2023-4095 | User enumeration vulnerability in Arconte Áurea 1.5.0.0 version. The exploitation of this vulnerability could allow an attacker to obtain a list of registered users in the application, obtaining the necessary information to perform more complex attacks on the platform. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4095 |
CVE-2023-43617 | An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43617 |
CVE-2023-43618 | An issue was discovered in Croc through 9.6.5. The protocol requires a sender to provide its local IP addresses in cleartext via an ips? message. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43618 |
CVE-2023-38718 | IBM Robotic Process Automation 21.0.0 through 21.0.7.8 could disclose sensitive information from access to RPA scripts, workflows and related data. IBM X-Force ID: 261606. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38718 |
CVE-2023-4292 | Frauscher Sensortechnik GmbH FDS101 for FAdC/FAdCi v1.4.24 and all previous versions are vulnerable to a SQL injection vulnerability via manipulated parameters of the web interface without authentication. The database contains limited, non-critical log information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4292 |
CVE-2023-40183 | DataEase is an open source data visualization and analysis tool. Prior to version 1.18.11, DataEase has a vulnerability that allows an attacker to to obtain user cookies. The program only uses the `ImageIO.read()` method to determine whether the file is an image file or not. There is no whitelisting restriction on file suffixes. This allows the attacker to synthesize the attack code into an image for uploading and change the file extension to html. The attacker may steal user cookies by accessing links. The vulnerability has been fixed in v1.18.11. There are no known workarounds. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40183 |
CVE-2023-5142 | A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of the component Config File Handler. The manipulation leads to path traversal. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-240238 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5142 |
CVE-2015-6964 | MultiBit HD before 0.1.2 allows attackers to conduct bit-flipping attacks that insert unspendable Bitcoin addresses into the list that MultiBit uses to send fees to the developers. (Attackers cannot realistically steal these fees for themselves.) This occurs because there is no message authentication code (MAC). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2015-6964 |
CVE-2023-41295 | Vulnerability of improper permission management in the displayengine module. Successful exploitation of this vulnerability may cause the screen to turn dim. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41295 |
CVE-2023-4281 | This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to hide the source of malicious traffic. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4281 |
CVE-2023-4631 | The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to retrieve the IP address of the request, which could lead to IP spoofing. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4631 |
CVE-2023-1625 | An information leak was discovered in OpenStack heat. This issue could allow a remote, authenticated attacker to use the 'stack show' command to reveal parameters which are supposed to remain hidden. This has a low impact to the confidentiality, integrity, and availability of the system. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1625 |
CVE-2023-1636 | A vulnerability was found in OpenStack Barbican containers. This vulnerability is only applicable to deployments that utilize an all-in-one configuration. Barbican containers share the same CGROUP, USER, and NET namespace with the host system and other OpenStack services. If any service is compromised, it could gain access to the data transmitted to and from Barbican. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1636 |
CVE-2022-40433 | An issue was discovered in function ciMethodBlocks::make_block_at in Oracle JDK (HotSpot VM) 11, 17 and OpenJDK (HotSpot VM) 8, 11, 17, allows attackers to cause a denial of service. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-40433 |
CVE-2023-20194 | A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This vulnerability is due to improper privilege management in the ERS API. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to elevate their privileges beyond the sphere of their intended access level, which would allow them to obtain sensitive information from the underlying operating system. Note: The ERS is not enabled by default. To verify the status of the ERS API in the Admin GUI, choose Administration > Settings > API Settings > API Service Settings. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-20194 |
CVE-2023-26141 | Versions of the package sidekiq before 7.1.3 are vulnerable to Denial of Service (DoS) due to insufficient checks in the dashboard-charts.js file. An attacker can exploit this vulnerability by manipulating the localStorage value which will cause excessive polling requests. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-26141 |
CVE-2023-4951 | A cross site scripting issue was discovered with the pagination function on the "Client-based Authentication Policy Configuration" screen of the GreenRADIUS web admin interface. This issue is found in GreenRADIUS v5.1.1.1 and prior. A fix was included in v5.1.2.2. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4951 |
CVE-2023-5024 | A vulnerability was found in Planno 23.04.04. It has been classified as problematic. This affects an unknown part of the component Comment Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239865 was assigned to this vulnerability. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5024 |
CVE-2023-2995 | The Leyka WordPress plugin through 3.30.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2995 |
CVE-2023-4376 | The Serial Codes Generator and Validator with WooCommerce Support WordPress plugin before 2.4.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4376 |
CVE-2023-31014 | NVIDIA GeForce Now for Android contains a vulnerability in the game launcher component, where a malicious application on the same device can process the implicit intent meant for the streamer component. A successful exploit of this vulnerability may lead to limited information disclosure, denial of service, and code execution. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31014 |
CVE-2022-1438 | A flaw was found in Keycloak. Under specific circumstances, HTML entities are not sanitized during user impersonation, resulting in a Cross-site scripting (XSS) vulnerability. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-1438 |
CVE-2023-43309 | There is a stored cross-site scripting (XSS) vulnerability in Webmin 2.002 and below via the Cluster Cron Job tab Input field, which allows attackers to run malicious scripts by injecting a specially crafted payload. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43309 |
CVE-2023-41614 | A stored cross-site scripting (XSS) vulnerability in the Add Animal Details function of Zoo Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description of Animal parameter. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41614 |
CVE-2023-41616 | A reflected cross-site scripting (XSS) vulnerability in the Search Student function of Student Management System v1.2.3 and before allows attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41616 |
CVE-2023-41948 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christoph Rado Cookie Notice & Consent plugin <= 1.6.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41948 |
CVE-2023-41949 | Auth. (admin+) Cross-Site Scripting (XSS) vulnerability in Avirtum iFolders plugin <= 1.5.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41949 |
CVE-2023-3226 | The Popup Builder WordPress plugin through 4.1.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3226 |
CVE-2023-4502 | The Translate WordPress with GTranslate WordPress plugin before 3.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). This vulnerability affects multiple parameters. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4502 |
CVE-2023-41051 | In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41051 |
CVE-2023-43621 | An issue was discovered in Croc through 9.6.5. The shared secret, located on a command line, can be read by local users who list all processes and their arguments. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-43621 |
CVE-2023-5028 | A vulnerability, which was classified as problematic, has been found in China Unicom TEWA-800G 4.16L.04_CT2015_Yueme. Affected by this issue is some unknown functionality. The manipulation leads to information exposure through debug log file. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-239870 is the identifier assigned to this vulnerability. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-5028 |
CVE-2023-4892 | Teedy v1.11 has a vulnerability in its text editor that allows events to be executed in HTML tags that an attacker could manipulate. Thanks to this, it is possible to execute malicious JavaScript in the webapp. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4892 |
CVE-2023-28938 | Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-28938 |
CVE-2023-20594 | Improper initialization of variables in the DXE driver may allow a privileged user to leak sensitive information via local access. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20594 |
CVE-2023-40368 | IBM Storage Protect 8.1.0.0 through 8.1.19.0 could allow a privileged user to obtain sensitive information from the administrative command line client. IBM X-Force ID: 263456. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40368 |
CVE-2023-4900 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4900 |
CVE-2023-4901 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4901 |
CVE-2023-4902 | Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4902 |
CVE-2023-4903 | Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4903 |
CVE-2023-4904 | Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4904 |
CVE-2023-4905 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4905 |
CVE-2023-4906 | Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4906 |
CVE-2023-4907 | Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4907 |
CVE-2023-4908 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4908 |
CVE-2023-4909 | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4909 |
CVE-2022-20917 | A vulnerability in the Extensible Messaging and Presence Protocol (XMPP) message processing feature of Cisco Jabber could allow an authenticated, remote attacker to manipulate the content of XMPP messages that are used by the affected application.\r This vulnerability is due to the improper handling of nested XMPP messages within requests that are sent to the Cisco Jabber client software. An attacker could exploit this vulnerability by connecting to an XMPP messaging server and sending crafted XMPP messages to an affected Jabber client. A successful exploit could allow the attacker to manipulate the content of XMPP messages, possibly allowing the attacker to cause the Jabber client application to perform unsafe actions. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-20917 |
CVE-2023-36479 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36479 |
CVE-2023-41900 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` will is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41900 |
CVE-2023-34047 | A batch loader function in Spring for GraphQL versions 1.1.0 - 1.1.5 and 1.2.0 - 1.2.2 may be exposed to GraphQL context with values, including security context values, from a different session. An application is vulnerable if it provides a DataLoaderOptions instance when registering batch loader functions through DefaultBatchLoaderRegistry. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-34047 |
CVE-2023-43494 | Jenkins 2.50 through 2.423 (both inclusive), LTS 2.60.1 through 2.414.1 (both inclusive) does not exclude sensitive build variables (e.g., password parameter values) from the search in the build history widget, allowing attackers with Item/Read permission to obtain values of sensitive variables used in builds by iteratively testing different characters until the correct sequence is discovered. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43494 |
CVE-2023-43502 | A cross-site request forgery (CSRF) vulnerability in Jenkins Build Failure Analyzer Plugin 2.4.1 and earlier allows attackers to delete Failure Causes. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43502 |
CVE-2023-42812 | Galaxy is an open-source platform for FAIR data analysis. Prior to version 22.05, Galaxy is vulnerable to server-side request forgery, which allows a malicious to issue arbitrary HTTP/HTTPS requests from the application server to internal hosts and read their responses. Version 22.05 contains a patch for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42812 |
CVE-2023-5134 | The Easy Registration Forms for WordPress is vulnerable to Information Disclosure via the 'erforms_user_meta' shortcode in versions up to, and including, 2.1.1 due to insufficient controls on the information retrievable via the shortcode. This makes it possible for authenticated attackers, with subscriber-level capabilities or above, to retrieve arbitrary sensitive user meta. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5134 |
CVE-2022-3962 | A content spoofing vulnerability was found in Kiali. It was discovered that Kiali does not implement error handling when the page or endpoint being accessed cannot be found. This issue allows an attacker to perform arbitrary text injection when an error response is retrieved from the URL being accessed. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3962 |
CVE-2021-36057 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a write-what-where condition vulnerability caused during the application's memory allocation process. This may cause the memory management functions to become mismatched resulting in local application denial of service in the context of the current user. | 4 | https://nvd.nist.gov/vuln/detail/CVE-2021-36057 |
CVE-2023-20867 | A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. | 3.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-20867 |
CVE-2021-36045 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36045 |
CVE-2021-36053 | XMP Toolkit SDK versions 2020.1 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of arbitrary memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36053 |
CVE-2021-36054 | XMP Toolkit SDK version 2020.1 (and earlier) is affected by a buffer overflow vulnerability potentially resulting in local application denial of service in the context of the current user. Exploitation requires user interaction in that a victim must open a crafted file. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-36054 |
CVE-2023-40442 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Big Sur 11.7.9, iOS 15.7.8 and iPadOS 15.7.8, macOS Monterey 12.6.8. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40442 |
CVE-2023-37263 | Strapi is the an open-source headless content management system. Prior to version 4.12.1, field level permissions are not respected in the relationship title. If an actor has relationship title and the relationship shows a field they don't have permission to see, the field will still be visible. Version 4.12.1 has a fix for this issue. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-37263 |
CVE-2023-4986 | A vulnerability classified as problematic was found in Supcon InPlant SCADA up to 20230901. Affected by this vulnerability is an unknown functionality of the file Project.xml. The manipulation leads to password hash with insufficient computational effort. Local access is required to approach this attack. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-239797 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4986 |
CVE-2007-1923 | (1) LedgerSMB and (2) DWS Systems SQL-Ledger implement access control lists by changing the set of URLs linked from menus, which allows remote attackers to access restricted functionality via direct requests. The LedgerSMB affected versions are before 1.3.0. | – | https://nvd.nist.gov/vuln/detail/CVE-2007-1923 |
CVE-2011-0766 | The random number generator in the Crypto application before 2.0.2.2, and SSH before 2.0.5, as used in the Erlang/OTP ssh library before R14B03, uses predictable seeds based on the current time, which makes it easier for remote attackers to guess DSA host and SSH session keys. | – | https://nvd.nist.gov/vuln/detail/CVE-2011-0766 |
CVE-2013-3061 | The ISHMED-PATRED_TRANSACT_RFCCALL function in the IS-H Industry-Specific Component Hospital subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC 6), allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-3061 |
CVE-2013-6370 | Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-6370 |
CVE-2013-6371 | The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-6371 |
CVE-2015-8371 | Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-8371 |
CVE-2023-40581 | yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\ ` will be replaced by `\\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain ", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40581 |
CVE-2022-4137 | A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4137 |
CVE-2022-4244 | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4244 |
CVE-2022-4245 | A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4245 |
CVE-2023-5129 | With a specially crafted WebP lossless file, libwebp may write data out of bounds to the heap. The ReadHuffmanCodes() function allocates the HuffmanCode buffer with a size that comes from an array of precomputed sizes: kTableSize. The color_cache_bits value defines which size to use. The kTableSize array only takes into account sizes for 8-bit first-level table lookups but not second-level table lookups. libwebp allows codes that are up to 15-bit (MAX_ALLOWED_CODE_LENGTH). When BuildHuffmanTable() attempts to fill the second-level tables it may write data out-of-bounds. The OOB write to the undersized array happens in ReplicateValue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5129 |