Security Bulletin 4 Oct 2023

Published on 04 Oct 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2022-22536SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system.\n\n10https://nvd.nist.gov/vuln/detail/CVE-2022-22536
CVE-2022-0543It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.10https://nvd.nist.gov/vuln/detail/CVE-2022-0543
CVE-2023-3432Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9.10https://nvd.nist.gov/vuln/detail/CVE-2023-3432
CVE-2023-38586An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.10https://nvd.nist.gov/vuln/detail/CVE-2023-38586
CVE-2023-40455A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions.10https://nvd.nist.gov/vuln/detail/CVE-2023-40455
CVE-2023-4260Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system.\n\n\n10https://nvd.nist.gov/vuln/detail/CVE-2023-4260
CVE-2023-4262Possible buffer overflow  in Zephyr mgmt subsystem when asserts are disabled\n\n10https://nvd.nist.gov/vuln/detail/CVE-2023-4262
CVE-2023-43632\nAs noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port\n8877 in EVE, exposing limited functionality of the TPM to the clients. \nVTPM allows clients to\nexecute tpm2-tools binaries from a list of hardcoded options”\nThe communication with this server is done using protobuf, and the data is comprised of 2\nparts:\n\n1. Header\n\n2. Data\n\nWhen a connection is made, the server is waiting for 4 bytes of data, which will be the header,\nand these 4 bytes would be parsed as uint32 size of the actual data to come.\n\nThen, in the function “handleRequest” this size is then used in order to allocate a payload on\nthe stack for the incoming data.\n\nAs this payload is allocated on the stack, this will allow overflowing the stack size allocated for\nthe relevant process with freely controlled data.\n\n* An attacker can crash the system. \n* An attacker can gain control over the system, specifically on the “vtpm_server” process\nwhich has very high privileges.\n\n\n9.9https://nvd.nist.gov/vuln/detail/CVE-2023-43632
CVE-2023-5223A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240365 was assigned to this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-5223
CVE-2023-43651JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-43651
CVE-2023-5201The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site.9.9https://nvd.nist.gov/vuln/detail/CVE-2023-5201
CVE-2018-1160Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-1160
CVE-2018-21004The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2018-21004
CVE-2019-15646The rsvpmaker plugin before 6.2 for WordPress has SQL injection.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-15646
CVE-2020-9406IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-9406
CVE-2020-25215yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-25215
CVE-2020-25216yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-25216
CVE-2021-1300Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1300
CVE-2021-1301Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1301
CVE-2021-41326In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-41326
CVE-2021-42169The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23 ) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-42169
CVE-2021-40393An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40393
CVE-2021-40394An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-40394
CVE-2022-23303The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23303
CVE-2022-23304The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23304
CVE-2022-29599In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29599
CVE-2022-36227In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution."9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36227
CVE-2022-48337GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48337
CVE-2023-20032On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20032
CVE-2023-1529Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High)9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1529
CVE-2022-0194This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-0194
CVE-2022-23121This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23121
CVE-2022-23122This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23122
CVE-2022-23123This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23123
CVE-2022-23124This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23124
CVE-2022-23125This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-23125
CVE-2022-46387ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46387
CVE-2022-43634This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-43634
CVE-2023-2344A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2344
CVE-2023-2345A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2345
CVE-2023-2346A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2346
CVE-2023-2347A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2347
CVE-2023-2348A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2348
CVE-2023-3028Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too.\n\n\n\n\n\n\n\n\nMultiple vulnerabilities were identified:\n\n\n\n- The MQTT backend does not require authentication, allowing unauthorized connections from an attacker.\n\n\n\n- The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend.\n\n\n\n- The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location.\n\n\n\n- The backend can inject data into a vehicle´s CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend.\n\n\nThe confirmed version is 201808021036, however further versions have been also identified as potentially impacted.\n\n\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3028
CVE-2023-34581Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=29.8https://nvd.nist.gov/vuln/detail/CVE-2023-34581
CVE-2023-3644A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3644
CVE-2023-39010BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39010
CVE-2021-32292An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-32292
CVE-2022-48565An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48565
CVE-2023-40764User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40764
CVE-2023-41910An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41910
CVE-2023-4845A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4845
CVE-2023-39150ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39150
CVE-2023-5009An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5009
CVE-2023-42793In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42793
CVE-2019-19450paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626.9.8https://nvd.nist.gov/vuln/detail/CVE-2019-19450
CVE-2023-41993The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41993
CVE-2021-38243xunruicms <=4.5.1 is vulnerable to Remote Code Execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-38243
CVE-2023-35071Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection.This issue affects Logging Administration Panel: before 20230915 .\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35071
CVE-2023-39375\nSiberianCMS - CWE-274: Improper Handling of Insufficient Privileges\n\n9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39375
CVE-2023-3767An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3767
CVE-2023-40400This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40400
CVE-2023-41320GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be use to takeover an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41320
CVE-2023-41878MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41878
CVE-2023-42461GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42461
CVE-2023-43154In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43154
CVE-2023-43187A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43187
CVE-2023-43216SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43216
CVE-2023-43222SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43222
CVE-2023-43234DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43234
CVE-2023-43291Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43291
CVE-2023-44013Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44013
CVE-2023-44014Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44014
CVE-2023-44015Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44015
CVE-2023-44016Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44016
CVE-2023-44017Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44017
CVE-2023-44018Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44018
CVE-2023-44019Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44019
CVE-2023-44020Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44020
CVE-2023-44021Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44021
CVE-2023-44022Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44022
CVE-2023-44023Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44023
CVE-2023-44169SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44169
CVE-2023-44170SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44170
CVE-2023-44171 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44171
CVE-2023-44172 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44172
CVE-2023-4737 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4737
CVE-2023-5168 | A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5168
CVE-2023-5172 | A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5172
CVE-2023-5174 | If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5174
CVE-2023-5175 | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5175
CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5176
CVE-2023-42818 | JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42818
CVE-2023-43192 | SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43192
CVE-2023-44080 | An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44080
CVE-2023-41449 | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41449
CVE-2023-38870 | A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38870
CVE-2023-44273 | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44273
CVE-2023-43869 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43869
CVE-2023-30415 | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30415
CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43013
CVE-2023-5004 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5004
CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5053
CVE-2023-43739 | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43739
CVE-2023-44163 | The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44163
CVE-2023-44164 | The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44164
CVE-2023-44165 | The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44165
CVE-2023-44166 | The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44166
CVE-2023-44167 | The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44167
CVE-2023-44168 | The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44168
CVE-2023-43654 | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43654
CVE-2023-5260 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240869 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5260
CVE-2023-5261 | A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5261
CVE-2023-5288 | A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5288
CVE-2023-5265 | A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5265
CVE-2023-5267 | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5267
CVE-2023-5276 | A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5276
CVE-2023-5277 | A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5277
CVE-2023-5278 | A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240906 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5278
CVE-2023-5279 | A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5279
CVE-2023-5280 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240908. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5280
CVE-2023-5281 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5281
CVE-2023-5282 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240910 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5282
CVE-2023-5227 | Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5227
CVE-2023-5300 | A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5300
CVE-2023-20819 | In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20819
CVE-2023-2136 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-2136
CVE-2023-39007 | /ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-39007
CVE-2023-42657 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-42657
CVE-2023-4264 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4264
CVE-2020-24147 | Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24147
CVE-2023-33934 | Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33934
CVE-2023-4702 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4702
CVE-2023-40436 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40436
CVE-2023-42462 | GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42462
CVE-2023-44152 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44152
CVE-2023-44154 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44154
CVE-2023-44206 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44206
CVE-2023-43652 | JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43652
CVE-2022-47186 | There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47186
CVE-2023-43909 | Hospital Management System through commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43909
CVE-2023-39347 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-39347

OTHER VULNERABILITIES
CVE Number | Description | Base Score | Reference
CVE-2018-17700 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7131. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17700
CVE-2019-17534 | vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17534
CVE-2020-12351 | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12351
CVE-2021-1298 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1298
CVE-2021-1299 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1299
CVE-2021-1302 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1302
CVE-2021-32621 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32621
CVE-2021-3246 | A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3246
CVE-2021-42369 | Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42369
CVE-2020-28419 | During installation with certain driver software or application packages an arbitrary code execution could occur. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28419
CVE-2023-0696 | Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0696
CVE-2023-0698 | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0698
CVE-2023-0699 | Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0699
CVE-2023-0701 | Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0701
CVE-2023-0702 | Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0702
CVE-2023-0703 | Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0703
CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0927
CVE-2023-0928 | Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0928
CVE-2023-0929 | Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0929
CVE-2023-0930 | Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0930
CVE-2023-0931 | Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0931
CVE-2023-0932 | Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0932
CVE-2023-0933 | Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0933
CVE-2023-0941 | Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0941
CVE-2023-1528 | Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1528
CVE-2023-1530Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1530
CVE-2023-1531Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1531
CVE-2023-1532Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1532
CVE-2023-1533Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1533
CVE-2023-1534Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1534
CVE-2023-1810Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1810
CVE-2023-1811Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1811
CVE-2023-1812Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1812
CVE-2023-1815Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1815
CVE-2023-1818Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1818
CVE-2023-1820Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1820
CVE-2023-2033Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2033
CVE-2023-2133Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2133
CVE-2023-2134Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2134
CVE-2023-2137Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2137
CVE-2023-2461Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to enage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2461
CVE-2023-2721Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2721
CVE-2023-2722Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2722
CVE-2023-2723Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2723
CVE-2023-2724Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2724
CVE-2023-2725Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2725
CVE-2023-2726Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2726
CVE-2023-2769A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229275.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2769
CVE-2023-3119A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3119
CVE-2023-34468The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-34468
CVE-2023-4863Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4863
CVE-2023-43630PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This issue was somewhat mitigated due to all of the PCR extend functions updating both the values of SHA256 and SHA1 for a given PCR ID. However, due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could modify the config partition without triggering the measured boot; this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43630
CVE-2023-43635Vault Key Sealed With SHA1 PCRs. The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the TPM which is used to encrypt/decrypt the “vault” directory. This “vault” directory is the most sensitive point in the system and as such, its content should be protected. This mechanism is noted in Zededa’s documentation as the “measured boot” mechanism, designed to protect said “vault”. The code that’s responsible for generating and fetching the key from the TPM assumes that SHA256 PCRs are used in order to seal/unseal the key, and as such their presence is being checked. The issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs. This leads to several issues: machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled do not seal their keys at all, meaning the “vault” is not protected from an attacker; and SHA1 is considered insecure and reduces the complexity level required to unseal the key in machines which have their SHA1 PCRs enabled. An attacker can very easily retrieve the contents of the “vault”, which will effectively render the “measured boot” mechanism meaningless.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43635
CVE-2023-43636In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This includes, among other things, the configuration of the bios, grub, the kernel cmdline, initrd, and more. However, this mechanism does not validate the entire rootfs, so an attacker can edit the filesystem and gain control over the system. As the default filesystem used by EVE OS is squashfs, this is somewhat harder than with ext4, which is easily changeable. This will not stop an attacker, as an attacker can repackage the squashfs with their changes in it and replace the partition altogether. This can also be done directly on the device, as the “003-storage-init” container contains the “mksquashfs” and “unsquashfs” binaries (with the corresponding libs). An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: aa3501d6c57206ced222c33aea15a9169d629141 and 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43636
CVE-2015-8371Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected.8.8https://nvd.nist.gov/vuln/detail/CVE-2015-8371
CVE-2023-43631On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: aa3501d6c57206ced222c33aea15a9169d629141 and 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43631
CVE-2023-43633On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “authorized_keys” via the “debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb” key, allowing VNC access via the “app.allow.vnc” key, and more. An attacker could easily enable these debug functionalities without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: aa3501d6c57206ced222c33aea15a9169d629141 and 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43633
CVE-2023-43634When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot; this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43634
CVE-2023-28055Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28055
CVE-2023-2315Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2315
CVE-2023-35074The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35074
CVE-2023-35793An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35793
CVE-2023-39378SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39378
CVE-2023-39434A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39434
CVE-2023-40044In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40044
CVE-2023-40451This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40451
CVE-2023-41074The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41074
CVE-2023-41322GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41322
CVE-2023-41324GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that has read access on the users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41324
CVE-2023-41326GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. A logged-in user from any profile can hijack the Kanban feature to alter any user field, and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41326
CVE-2023-42819JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file: `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd`. A similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-42819
CVE-2023-43610SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43610
CVE-2023-4934Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4934
CVE-2023-5183Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5183
CVE-2023-20254A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-20254
CVE-2023-5184Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5184
CVE-2023-33972Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-33972
CVE-2023-41452Cross Site Request Forgery vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41452
CVE-2023-41450An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41450
CVE-2023-42222WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-42222
CVE-2023-38874A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38874
CVE-2023-38877A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38877
CVE-2023-5186Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5186
CVE-2023-5187Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5187
CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5217
CVE-2023-43226An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43226
CVE-2023-43740Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43740
CVE-2023-5185Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5185
CVE-2023-43014Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43014
CVE-2023-44466An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-44466
CVE-2023-5289Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5289
CVE-2023-5269A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5269
CVE-2023-5270A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5270
CVE-2023-5271A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5271
CVE-2023-5272A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5272
CVE-2023-5283A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5283
CVE-2023-5284A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5284
CVE-2023-5294A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240925 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5294
CVE-2023-5301A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5301
CVE-2021-1273Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1273
CVE-2021-1274Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1274
CVE-2021-1279Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1279
CVE-2023-40448The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-40448
CVE-2023-20033A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-20033
CVE-2023-20176A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-20176
CVE-2023-23374Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability8.3https://nvd.nist.gov/vuln/detail/CVE-2023-23374
CVE-2023-4972Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects .8.2https://nvd.nist.gov/vuln/detail/CVE-2023-4972
CVE-2023-42820JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled users are not affected. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds for this issue.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-42820
CVE-2023-43125BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-43125
CVE-2023-20223A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-20223
CVE-2022-48566An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-48566
CVE-2023-41915OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41915
CVE-2023-38355MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-38355
CVE-2023-4853A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4853
CVE-2023-41333Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the Kubernetes API Server Attacker section of the Cilium Threat Model. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. As a workaround an admission webhook can be used to prevent the use of `endpointSelectors` that use the `DoesNotExist` operator on the `reserved:init` label in CiliumNetworkPolicies.\n8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41333
CVE-2023-43660Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under the following conditions: 1. The attacker knows the username and a valid target name, 2. The attacker knows the user's public key, and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-43660
CVE-2023-26145This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. Note: The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the __init__.__globals__ path is not accessible); 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method). The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-26145
CVE-2017-8631A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744.7.8https://nvd.nist.gov/vuln/detail/CVE-2017-8631
CVE-2017-11878Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability".7.8https://nvd.nist.gov/vuln/detail/CVE-2017-11878
CVE-2018-1027A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-1027
CVE-2018-1029A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-1029
CVE-2018-8375A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-8375
CVE-2018-15471An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-15471
CVE-2018-16877A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-16877
CVE-2019-14814There is a heap-based buffer overflow in the Marvell WiFi chip driver in the Linux kernel, all versions up to, excluding 5.3, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-14814
CVE-2019-19377In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-19377
CVE-2019-19447In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-19447
CVE-2019-19448In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-19448
CVE-2019-19726OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.7.8https://nvd.nist.gov/vuln/detail/CVE-2019-19726
CVE-2021-1052NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1052
CVE-2021-1260Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1260
CVE-2021-1261Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1261
CVE-2021-1262Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1262
CVE-2021-1263Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1263
CVE-2021-1076NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1076
CVE-2021-31478This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12633.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31478
CVE-2021-31479This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12634.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31479
CVE-2021-31481This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12659.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31481
CVE-2021-31482This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12708.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31482
CVE-2021-31483This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12709.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31483
CVE-2021-31484This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12710.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31484
CVE-2021-31485This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31485
CVE-2021-31486This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31486
CVE-2021-31487This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31487
CVE-2021-31488This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31488
CVE-2021-31489This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31489
CVE-2021-31490This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31490
CVE-2021-31491This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31491
CVE-2021-31492This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31492
CVE-2021-31493This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31493
CVE-2021-31494This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31494
CVE-2021-31495This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31495
CVE-2021-31496This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31496
CVE-2021-31497This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31497
CVE-2021-31499This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31499
CVE-2021-31500This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31500
CVE-2021-31502This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31502
CVE-2021-31507This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12653.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31507
CVE-2021-31508This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13306.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31508
CVE-2021-31509This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13309.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31509
CVE-2021-31510This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13675.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31510
CVE-2021-31511This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13676.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31511
CVE-2021-31512This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13677.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31512
CVE-2021-31513This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13678.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31513
CVE-2021-31514This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31514
CVE-2021-31503This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12690.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31503
CVE-2021-31504This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12691.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-31504
CVE-2021-38655Microsoft Excel Remote Code Execution Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2021-38655
CVE-2021-1419A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user.7.8https://nvd.nist.gov/vuln/detail/CVE-2021-1419
CVE-2022-20001fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20001
CVE-2022-20716A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20716
CVE-2022-28184NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-28184
CVE-2022-26634HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-26634
CVE-2022-20792A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-20792
CVE-2022-45188Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS).7.8https://nvd.nist.gov/vuln/detail/CVE-2022-45188
CVE-2022-31607NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31607
CVE-2022-31608NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-31608
CVE-2022-34670NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors when casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34670
CVE-2022-34676NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-34676
CVE-2022-42254NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42254
CVE-2022-42255NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42255
CVE-2022-42256NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42256
CVE-2022-42260NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42260
CVE-2022-42261NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42261
CVE-2022-42264NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-42264
CVE-2022-48339An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-48339
CVE-2023-0189NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0189
CVE-2023-0198NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0198
CVE-2023-1579Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-1579
CVE-2023-0184NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-0184
CVE-2023-32233In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32233
CVE-2023-36874Windows Error Reporting Service Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36874
CVE-2022-38076Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-38076
CVE-2023-4752Use After Free in GitHub repository vim/vim prior to 9.0.1858.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4752
CVE-2023-4781Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4781
CVE-2023-38139Windows Kernel Elevation of Privilege Vulnerability7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38139
CVE-2023-36658An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-36658
CVE-2023-4088Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4088
CVE-2023-43637Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32-byte randomly generated key with this key (by taking 16 bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32-byte key usage.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-43637
CVE-2023-41992The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41992
CVE-2023-4504Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-4504
CVE-2023-40581yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using --exec, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in --exec other than {} (filepath). 2. If expansion in --exec is needed, verify the fields you are using do not contain ", | or &. 3. Instead of using --exec, write the info json and load the fields from it instead.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40581
CVE-2023-42753An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-42753
CVE-2023-32377A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32377
CVE-2023-32396This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32396
CVE-2023-32541A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32541
CVE-2023-38615The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-38615
CVE-2023-40409The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40409
CVE-2023-40412The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40412
CVE-2023-40419The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40419
CVE-2023-40431The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40431
CVE-2023-40432The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40432
CVE-2023-40443The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40443
CVE-2023-41063The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41063
CVE-2023-41068An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41068
CVE-2023-41071A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41071
CVE-2023-41174The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41174
CVE-2023-41984The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41984
CVE-2023-41995A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41995
CVE-2023-42486Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-42486
CVE-2023-43825Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute arbitrary code by having a legitimate user import a specially crafted backup file of the product.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-43825
CVE-2023-44122The vulnerability leads to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-44122
CVE-2023-44123The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-44123
CVE-2023-44125The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-44125
CVE-2023-44157Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-44157
CVE-2023-5197A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-5197
CVE-2023-32458Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32458
CVE-2023-41444An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-41444
CVE-2023-40307An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40307
CVE-2023-40375Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-40375
CVE-2023-44464pretix before 2023.7.2 allows Pillow to parse EPS files.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-44464
CVE-2023-32477Dell Common Event Enabler 8.9.8.2 for Windows and prior contains an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-32477
CVE-2022-4956A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903.7.8https://nvd.nist.gov/vuln/detail/CVE-2022-4956
CVE-2023-43907OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.7.8https://nvd.nist.gov/vuln/detail/CVE-2023-43907
CVE-2018-1000026Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: network card firmware assertion takes card off-line. This attack appears to be exploitable via: An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM.7.7https://nvd.nist.gov/vuln/detail/CVE-2018-1000026
CVE-2018-7998In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads.7.5https://nvd.nist.gov/vuln/detail/CVE-2018-7998
CVE-2019-3885A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information being leaked via the system logs.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-3885
CVE-2019-17075An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance.7.5https://nvd.nist.gov/vuln/detail/CVE-2019-17075
CVE-2020-8893An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-8893
CVE-2021-1278Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1278
CVE-2021-1241Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-1241
CVE-2021-43618GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-43618
CVE-2021-41039In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-41039
CVE-2021-44725KNIME Server before 4.13.4 allows directory traversal in a request for a client profile.7.5https://nvd.nist.gov/vuln/detail/CVE-2021-44725
CVE-2022-20698A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-20698
CVE-2020-13677Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-13677
CVE-2022-0711A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-0711
CVE-2022-20770On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-20770
CVE-2022-20771On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-20771
CVE-2022-20785On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-20785
CVE-2022-1453The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1453
CVE-2022-1505The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1505
CVE-2022-1768The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-1768
CVE-2022-39028telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-39028
CVE-2022-46285A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-46285
CVE-2023-0705Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low)7.5https://nvd.nist.gov/vuln/detail/CVE-2023-0705
CVE-2022-20803A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-20803
CVE-2023-2135Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)7.5https://nvd.nist.gov/vuln/detail/CVE-2023-2135
CVE-2023-29350Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-29350
CVE-2022-47185Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-47185
CVE-2022-48560A use-after-free exists in Python through 3.9 via heappushpop in heapq.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-48560
CVE-2023-1995Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W, before 09-66-/Q; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1995
CVE-2023-20900A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20900
CVE-2023-28366The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28366
CVE-2023-4844A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4844
CVE-2023-4846A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4846
| CVE-2023-41081 | Important: Authentication Bypass CVE-2023-41081. In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but did not provide explicit mounts for all possible proxied requests, the mod_jk component of Apache Tomcat Connectors would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. History: 2023-09-13 Original advisory; 2023-09-28 Updated summary. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41081 |
| CVE-2023-38039 | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38039 |
| CVE-2023-3341 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3341 |
| CVE-2023-4236 | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4236 |
| CVE-2023-43669 | The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43669 |
| CVE-2023-5156 | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5156 |
| CVE-2022-4244 | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4244 |
| CVE-2022-48606 | Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48606 |
| CVE-2023-0456 | A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0456 |
| CVE-2023-3223 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause a remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3223 |
| CVE-2023-40407 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40407 |
| CVE-2023-41305 | Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41305 |
| CVE-2023-41307 | Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41307 |
| CVE-2023-41308 | Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41308 |
| CVE-2023-41309 | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41309 |
| CVE-2023-42460 | Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42460 |
| CVE-2023-42487 | Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42487 |
| CVE-2023-43381 | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43381 |
| CVE-2023-43646 | get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (ReDoS) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\\t'.repeat(54773) + '\\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43646 |
| CVE-2023-43856 | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43856 |
| CVE-2023-44153 | Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44153 |
| CVE-2023-44155 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44155 |
| CVE-2023-44156 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44156 |
| CVE-2023-44158 | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44158 |
| CVE-2023-44159 | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44159 |
| CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5157 |
| CVE-2023-5173 | In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5173 |
| CVE-2023-4129 | Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4129 |
| CVE-2023-20034 | Vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20034 |
| CVE-2023-20262 | A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20262 |
| CVE-2023-43314 | Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43314 |
| CVE-2023-43860 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43860 |
| CVE-2023-43861 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43861 |
| CVE-2023-43862 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43862 |
| CVE-2023-43863 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43863 |
| CVE-2023-43864 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43864 |
| CVE-2023-43865 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43865 |
| CVE-2023-43866 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43866 |
| CVE-2023-43867 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43867 |
| CVE-2023-43868 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43868 |
| CVE-2023-43044 | IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43044 |
| CVE-2023-4316 | Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4316 |
| CVE-2023-5077 | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5077 |
| CVE-2023-30591 | Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30591 |
| CVE-2023-3917 | Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to cause pipelines to fail. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3917 |
| CVE-2023-3413 | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3413 |
| CVE-2023-39410 | When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39410 |
| CVE-2023-5285 | A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5285 |
| CVE-2023-5318 | Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5318 |
| CVE-2023-5298 | A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5298 |
| CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44488 |
| CVE-2023-5329 | A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5329 |
| CVE-2023-32820 | In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32820 |
| CVE-2023-5170 | In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5170 |
| CVE-2023-43650 | JumpServer is an open source bastion host. The verification code for resetting user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ranging from 000000 to 999999, to facilitate the password reset. Although the code is available for only 1 minute, this window potentially allows for up to 1,000,000 validation attempts. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43650 |
| CVE-2022-34673 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34673 |
| CVE-2022-42257 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-42257 |
| CVE-2022-42258 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-42258 |
| CVE-2022-48338 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48338 |
| CVE-2019-12868 | app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12868 |
| CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-25654 |
| CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-27320 |
| CVE-2023-3120 | A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-3120 |
| CVE-2023-29095 | Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29095 |
| CVE-2023-39377 | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39377 |
| CVE-2023-40046 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-40046 |
| CVE-2023-40219 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-40219 |
| CVE-2023-44044 | Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-44044 |
| CVE-2023-44047 | Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-44047 |
| CVE-2021-1056 | NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1056 |
| CVE-2021-1090 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1090 |
| CVE-2021-3752 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3752 |
| CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4156 |
| CVE-2022-28183 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28183 |
| CVE-2022-28185 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28185 |
| CVE-2022-34677 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34677 |
| CVE-2022-34684 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34684 |
| CVE-2022-42263 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-42263 |
| CVE-2022-42265 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-42265 |
| CVE-2023-0180 | NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0180 |
| CVE-2023-0181 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0181 |
| CVE-2023-0183 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0183 |
| CVE-2023-0185 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues from casting an unsigned primitive to signed may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0185 |
| CVE-2023-0191 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0191 |
| CVE-2023-30630 | Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30630 |
| CVE-2023-2460 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2460 |
| CVE-2023-3141 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3141 |
| CVE-2023-3567 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3567 |
| CVE-2021-29390 | libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-29390 |
| CVE-2023-40452 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40452 |
| CVE-2023-40454 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40454 |
| CVE-2023-43124 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43124 |
| CVE-2023-3922 | An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3922 |
| CVE-2014-9940 | The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2014-9940 |
CVE-2022-34674NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak.6.8https://nvd.nist.gov/vuln/detail/CVE-2022-34674
CVE-2023-4003\nOne Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. \n\n6.8https://nvd.nist.gov/vuln/detail/CVE-2023-4003
CVE-2022-27635Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-27635
CVE-2022-40964Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-40964
CVE-2022-46329Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access.6.7https://nvd.nist.gov/vuln/detail/CVE-2022-46329
CVE-2023-34043VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-34043
CVE-2023-32821In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32821
CVE-2023-32822In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32822
CVE-2023-32823In rpmb, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32823
CVE-2023-32824In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32824
CVE-2023-32826In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32826
CVE-2023-32827In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32827
CVE-2023-32828In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32828
CVE-2023-32829In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32829
CVE-2023-32830In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.6.7https://nvd.nist.gov/vuln/detail/CVE-2023-32830
CVE-2023-37941If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later.6.6https://nvd.nist.gov/vuln/detail/CVE-2023-37941
CVE-2018-12207Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access.6.5https://nvd.nist.gov/vuln/detail/CVE-2018-12207
CVE-2020-8894An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-8894
CVE-2021-1304Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-1304
CVE-2020-28463All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceeded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-28463
CVE-2021-27847Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85.6.5https://nvd.nist.gov/vuln/detail/CVE-2021-27847
CVE-2022-36087OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing malicious redirect uri can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36087
CVE-2022-26047Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow unauthenticated user to potentially enable denial of service via local access.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-26047
CVE-2022-34665NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-34665
CVE-2023-0697Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0697
CVE-2023-0700Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0700
CVE-2023-0704Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-0704
CVE-2023-1813Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1813
CVE-2023-1814Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1814
CVE-2023-1816Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1816
CVE-2023-1817Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1817
CVE-2023-1819Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1819
CVE-2023-1821Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1821
CVE-2023-1822Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1822
CVE-2023-1823Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1823
CVE-2023-2459Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium)6.5https://nvd.nist.gov/vuln/detail/CVE-2023-2459
CVE-2023-1972A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-1972
CVE-2023-3396A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-3396
CVE-2022-36351Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-36351
CVE-2020-36023An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file passed to the FoFiType1C::cvtGlyph function.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-36023
CVE-2020-19189Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command.6.5https://nvd.nist.gov/vuln/detail/CVE-2020-19189
CVE-2022-48564read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format.6.5https://nvd.nist.gov/vuln/detail/CVE-2022-48564
CVE-2023-41040GitPython is a python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-41040
CVE-2023-4874Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.126.5https://nvd.nist.gov/vuln/detail/CVE-2023-4874
CVE-2023-43256A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-43256
CVE-2023-23958Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-23958
CVE-2023-39233The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39233
CVE-2023-39376SiberianCMS - CWE-284 Improper Access Control. Authorized user may disable a security feature over the network.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-39376
CVE-2023-40048In WS_FTP Server versions prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40048
CVE-2023-40403The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40403
CVE-2023-40420The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40420
CVE-2023-40441A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-40441
CVE-2023-41321GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive field values on resources to which they have read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-41321
CVE-2023-44160Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-44160
CVE-2023-44161Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-44161
CVE-2023-4506The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-4506
CVE-2023-5169A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-5169
CVE-2023-5171During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-5171
CVE-2023-5192Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-5192
CVE-2023-42822xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-42822
CVE-2023-38873The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-38873
CVE-2023-43323mooSocial 3.1.8 is vulnerable to external service interaction in the post function. When executed, the server sends an HTTP and DNS request to an external server. Multiple parameters are affected: messageText, data[wall_photo], data[userShareVideo] and data[userShareLink].6.5https://nvd.nist.gov/vuln/detail/CVE-2023-43323
CVE-2023-5196Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-5196
CVE-2023-5293A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924.6.5https://nvd.nist.gov/vuln/detail/CVE-2023-5293
CVE-2023-5232The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-5232
CVE-2023-5233The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-5233
CVE-2023-5295The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-5295
CVE-2023-5334The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.6.4https://nvd.nist.gov/vuln/detail/CVE-2023-5334
CVE-2023-44121The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps.6.3https://nvd.nist.gov/vuln/detail/CVE-2023-44121
CVE-2018-11245app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes.6.1https://nvd.nist.gov/vuln/detail/CVE-2018-11245
CVE-2020-9405IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-9405
CVE-2020-29239Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker is able to steal the cookie according to the crafted payload.6.1https://nvd.nist.gov/vuln/detail/CVE-2020-29239
CVE-2021-1094NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-1094
CVE-2021-44726KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.6.1https://nvd.nist.gov/vuln/detail/CVE-2021-44726
CVE-2022-25317An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-25317
CVE-2022-1822The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-1822
CVE-2023-1688A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=save_expense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-224307.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-1688
CVE-2022-27665Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-27665
CVE-2023-0199NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-0199
CVE-2023-28286Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28286
CVE-2023-2624The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrators.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-2624
CVE-2023-3660A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-3660
CVE-2023-37988Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-37988
CVE-2023-40755There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40755
CVE-2022-4137A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker.6.1https://nvd.nist.gov/vuln/detail/CVE-2022-4137
CVE-2023-43326A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of mooSocial v3.1.8 and allows attackers to steal users' session cookies and impersonate their accounts via a crafted URL.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-43326
CVE-2023-27616Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-27616
CVE-2023-28490Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-28490
CVE-2023-30471Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30471
CVE-2023-30472Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30472
CVE-2023-30493Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30493
CVE-2023-30961Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-30961
CVE-2023-40045In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40045
CVE-2023-40330Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40330
CVE-2023-40333Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40333
CVE-2023-40663Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40663
CVE-2023-40664Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40664
CVE-2023-40667Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-40667
CVE-2023-41233Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41233
CVE-2023-41235Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41235
CVE-2023-41236Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41236
CVE-2023-41237Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41237
CVE-2023-41238Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41238
CVE-2023-41653Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41653
CVE-2023-41860Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41860
CVE-2023-41861Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41861
CVE-2023-41962Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41962
CVE-2023-43263A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-43263
CVE-2023-43484Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-43484
CVE-2023-43614Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-43614
CVE-2023-44043A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-44043
CVE-2023-4523 | Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4523
CVE-2023-41445Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41445
CVE-2023-41448Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41448
CVE-2023-41451Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41451
CVE-2023-41453Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41453
CVE-2023-43233A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-43233
CVE-2023-5244 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5244
CVE-2023-41446Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41446
CVE-2023-41447Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41447
CVE-2023-26149 | Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. Note: If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26149
CVE-2022-47187 | There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47187
CVE-2023-43657discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-43657
CVE-2023-26146All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-26146
CVE-2023-26147 | All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject malicious content, like for example additional headers or new response body, leading to a potential XSS vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26147
CVE-2023-39308Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-39308
CVE-2023-41658Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41658
CVE-2023-41662Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41662
CVE-2023-41663Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41663
CVE-2023-41691Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41691
CVE-2023-5316 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5316
CVE-2023-5320 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5320
CVE-2023-5303A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-5303
CVE-2023-5304A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-5304
CVE-2023-5305A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-5305
CVE-2023-5323 | Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5323
CVE-2023-41692Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme.6.1https://nvd.nist.gov/vuln/detail/CVE-2023-41692
CVE-2016-7420Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump.5.9https://nvd.nist.gov/vuln/detail/CVE-2016-7420
CVE-2023-4806A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-4806
CVE-2023-43645OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected.5.9https://nvd.nist.gov/vuln/detail/CVE-2023-43645
CVE-2023-28261Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability5.7https://nvd.nist.gov/vuln/detail/CVE-2023-28261
CVE-2023-1206A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPV6 connections up to 95%.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-1206
CVE-2023-4875 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4875
CVE-2023-0989An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration.5.7https://nvd.nist.gov/vuln/detail/CVE-2023-0989
CVE-2017-11877Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability".5.5https://nvd.nist.gov/vuln/detail/CVE-2017-11877
CVE-2018-16878A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS5.5https://nvd.nist.gov/vuln/detail/CVE-2018-16878
CVE-2021-1053NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1053
CVE-2021-1077NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1077
CVE-2021-1093NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1093
CVE-2021-1095NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-1095
CVE-2021-45097KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content.5.5https://nvd.nist.gov/vuln/detail/CVE-2021-45097
CVE-2022-20796On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-20796
CVE-2022-38533In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-38533
CVE-2022-34666NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34666
CVE-2022-31615NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-31615
CVE-2022-4269A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4269
CVE-2022-34678NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34678
CVE-2022-34679NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34679
CVE-2022-34680NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34680
CVE-2022-34682NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-34682
CVE-2022-42259NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-42259
CVE-2022-4285An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-4285
CVE-2023-0187NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0187
CVE-2023-0188NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer cause an out-of-bounds read, which may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0188
CVE-2023-0190NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0190
CVE-2023-31081An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31081
CVE-2023-31082An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31082
CVE-2023-31084An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31084
CVE-2023-31085An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-31085
CVE-2023-2878 | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2878
CVE-2023-32360An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32360
CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20588
CVE-2020-21490An issue was discovered in GNU Binutils 2.34. It is a memory leak when process microblaze-dis.c. This one will consume memory on each insn disassembled.5.5https://nvd.nist.gov/vuln/detail/CVE-2020-21490
CVE-2022-48064GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack.5.5https://nvd.nist.gov/vuln/detail/CVE-2022-48064
CVE-2023-4508A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4508
CVE-2023-39742giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-39742
CVE-2023-41991A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41991
CVE-2023-42811aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-42811
CVE-2023-0833A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-0833
CVE-2023-23495A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-23495
CVE-2023-32361The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32361
CVE-2023-32421A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-32421
CVE-2023-38596The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-38596
CVE-2023-40391The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40391
CVE-2023-40399The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40399
CVE-2023-40402A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40402
CVE-2023-40406The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40406
CVE-2023-40410An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40410
CVE-2023-40418An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40418
CVE-2023-40422The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40422
CVE-2023-40424The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40424
CVE-2023-40426A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40426
CVE-2023-40428The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40428
CVE-2023-40429A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40429
CVE-2023-40435This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40435
CVE-2023-40450The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40450
CVE-2023-40541This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-40541
CVE-2023-41066An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41066
CVE-2023-41067A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41067
CVE-2023-41070A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41070
CVE-2023-41073An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41073
CVE-2023-41078An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41078
CVE-2023-41079The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41079
CVE-2023-41232An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41232
CVE-2023-41968This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41968
CVE-2023-41980A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41980
CVE-2023-41986The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41986
CVE-2023-41996The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41996
CVE-2023-44126The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-44126
CVE-2023-44127 | The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44127
CVE-2023-4065A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4065
CVE-2023-20253 | A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration on other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration on other controllers and devices managed by an affected system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20253
CVE-2023-4066A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-4066
CVE-2023-41911Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).5.5https://nvd.nist.gov/vuln/detail/CVE-2023-41911
CVE-2023-5321 | Missing Authorization in GitHub repository hamza417/inure prior to build94. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5321
CVE-2023-42132FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.5.5https://nvd.nist.gov/vuln/detail/CVE-2023-42132
CVE-2021-37742app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.5.4https://nvd.nist.gov/vuln/detail/CVE-2021-37742
CVE-2022-45033A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field.5.4https://nvd.nist.gov/vuln/detail/CVE-2022-45033
CVE-2023-0379 | The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0379
CVE-2023-29206 | XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check on the author of a JavaScript xobject or StyleSheet xobject added to an XWiki document, so until now it was possible for a user having only Edit Right to create such an object and craft a script that performs some operations when executed by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if its author has Script rights. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29206
CVE-2023-2349 | A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2349
CVE-2023-2350 | A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2350
CVE-2023-20115 | A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20115
CVE-2023-43376 | A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43376
CVE-2023-27628 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27628
CVE-2023-30959 | In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, results in an XSS that requires user interaction. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30959
CVE-2023-40417 | A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40417
CVE-2023-40605 | Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40605
CVE-2023-40669 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40669
CVE-2023-41888 | GLPI (Gestionnaire Libre de Parc Informatique) is a free asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of the login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41888
CVE-2023-41904 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41904
CVE-2023-43232 | A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43232
CVE-2023-43331 | A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43331
CVE-2023-43828 | A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Title' parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43828
CVE-2023-43830 | A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43830
CVE-2023-43857 | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43857
CVE-2023-44042 | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44042
CVE-2023-44207 | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44207
CVE-2023-5135 | The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5135
CVE-2023-5161 | The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5161
CVE-2023-5162 | The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5162
CVE-2023-44048 | Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44048
CVE-2023-43191 | In JFinalCMS, malicious code can be embedded in a foreground message and saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed and the user's browser is controlled by the attacker, who can then achieve goals such as cookie theft. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43191
CVE-2023-44275 | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44275
CVE-2023-44276 | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44276
CVE-2023-5230 | The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5230
CVE-2023-43871 | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43871
CVE-2023-43872 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43872
CVE-2023-43873 | A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43873
CVE-2023-43874 | Multiple Cross Site Scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43874
CVE-2023-43876 | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43876
CVE-2023-43878 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43878
CVE-2023-43884 | A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the 'Reference ID' parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43884
CVE-2023-44173 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44173
CVE-2023-44174 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44174
CVE-2023-5195 | Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5195
CVE-2023-43944 | A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43944
CVE-2023-41666 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41666
CVE-2023-41687 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41687
CVE-2023-5273 | A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5273
CVE-2023-5286 | A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5286
CVE-2023-5317 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5317
CVE-2023-5319 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5319
CVE-2023-43702 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43702
CVE-2023-43703 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43703
CVE-2023-43704 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43704
CVE-2023-43705 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43705
CVE-2023-43706 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43706
CVE-2023-43707 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43707
CVE-2023-43708 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43708
CVE-2023-43709 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43709
CVE-2023-43710 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43710
CVE-2023-43711 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43711
CVE-2023-5302 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5302
CVE-2023-43712 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43712
CVE-2023-43713 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43713
CVE-2023-43714 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43714
CVE-2023-43715 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43715
CVE-2023-43716 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43716
CVE-2023-43717 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43717
CVE-2023-43718 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43718
CVE-2023-43719 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43719
CVE-2023-43720 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43720
CVE-2023-43721 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43721
CVE-2023-43722 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43722
CVE-2023-43723 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43723
CVE-2023-43724 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43724
CVE-2023-43725 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43725
CVE-2023-43726 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43726
CVE-2023-43727 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43727
CVE-2023-43728 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43728
CVE-2023-43729 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43729
CVE-2023-43730 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43730
CVE-2023-43731 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43731
CVE-2023-43732 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43732
CVE-2023-43733 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43733
CVE-2023-43734 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43734
CVE-2023-43735 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43735
CVE-2023-5111 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5111
CVE-2023-5112 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5112
CVE-2023-41728 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <= 2.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41728
CVE-2023-41797 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41797
CVE-2023-44477 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44477
CVE-2023-44242 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44242
CVE-2023-44264 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44264
CVE-2019-6976 | libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-6976
CVE-2020-9407 | IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9407
CVE-2020-20739 | im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-20739
CVE-2021-30004 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-30004
CVE-2021-34434 | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-34434
CVE-2021-40171 | The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40171
CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21720
CVE-2023-20052 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20052
CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28486
CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28487
CVE-2023-0466 | The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0466
CVE-2023-26048 | Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26048
CVE-2023-26049 | Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26049
CVE-2023-3431 | Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3431
CVE-2023-3446Issue summary: Checking excessively long DH keys or parameters may be very slow.\n\nImpact summary: Applications that use the functions DH_check(), DH_check_ex()\nor EVP_PKEY_param_check() to check a DH key or DH parameters may experience long\ndelays. Where the key or parameters that are being checked have been obtained\nfrom an untrusted source this may lead to a Denial of Service.\n\nThe function DH_check() performs various checks on DH parameters. One of those\nchecks confirms that the modulus ('p' parameter) is not too large. Trying to use\na very large modulus is slow and OpenSSL will not normally use a modulus which\nis over 10,000 bits in length.\n\nHowever the DH_check() function checks numerous aspects of the key or parameters\nthat have been supplied. Some of those checks use the supplied modulus value\neven if it has already been found to be too large.\n\nAn application that calls DH_check() and supplies a key or parameters obtained\nfrom an untrusted source could be vulernable to a Denial of Service attack.\n\nThe function DH_check() is itself called by a number of other OpenSSL functions.\nAn application calling any of those other functions may similarly be affected.\nThe other functions affected by this are DH_check_ex() and\nEVP_PKEY_param_check().\n\nAlso vulnerable are the OpenSSL dhparam and pkeyparam command line applications\nwhen using the '-check' option.\n\nThe OpenSSL SSL/TLS implementation is not affected by this issue.\nThe OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-3446
CVE-2021-25786An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.5.3https://nvd.nist.gov/vuln/detail/CVE-2021-25786
CVE-2023-36844A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables.\n\nUsing a crafted request an attacker is able to modify \n\ncertain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities.\nThis issue affects Juniper Networks Junos OS on EX Series:\n\n\n\n * All versions prior to 20.4R3-S9;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S7;\n * 21.3 versions \n\nprior to \n\n 21.3R3-S5;\n * 21.4 versions \n\nprior to \n\n21.4R3-S5;\n * 22.1 versions \n\nprior to \n\n22.1R3-S4;\n * 22.2 versions \n\nprior to \n\n22.2R3-S2;\n * 22.3 versions \n\nprior to 22.3R3-S1;\n * 22.4 versions \n\nprior to \n\n22.4R2-S2, 22.4R3;\n * 23.2 versions prior to \n\n23.2R1-S1, 23.2R2.\n\n\n\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36844
CVE-2023-40167Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character proceeding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-40167
CVE-2023-43617An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-43617
CVE-2023-36851A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity.\n\n\n\nWith a specific request to \n\nwebauth_operation.php\n\nthat doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of \n\nintegrity\n\nfor a certain part of the file system, which may allow chaining to other vulnerabilities.\n\n\nThis issue affects Juniper Networks Junos OS on SRX Series:\n\n\n\n * 22.4 versions prior to 22,4R2-S2, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\n5.3https://nvd.nist.gov/vuln/detail/CVE-2023-36851
CVE-2023-40049\n\n\nIn WS_FTP Server version prior to 8.8.2,\n\n an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing.5.3https://nvd.nist.gov/vuln/detail/CVE-2023-40049
CVE-2023-41311 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41311
CVE-2023-41312 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41312
CVE-2023-41323 | GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate user logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41323
CVE-2023-43775 | Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43775
CVE-2023-44205 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44205
CVE-2023-4565 | Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4565
CVE-2023-38871 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38871
CVE-2023-26148 | All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feed) characters and inject additional headers in the request sent. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26148
CVE-2023-3914 | A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3914
CVE-2023-2358 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-2358
CVE-2023-43493 | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43493
CVE-2023-4505 | The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4505
CVE-2023-3775 | A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3775
CVE-2023-5259 | A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-5259
CVE-2023-25483 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25483
CVE-2023-27617 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27617
CVE-2023-27622 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27622
CVE-2023-28790 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28790
CVE-2023-40047 | In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import an SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40047
CVE-2023-40604 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40604
CVE-2023-40665 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40665
CVE-2023-40668 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40668
CVE-2023-40675 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40675
CVE-2023-40676 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40676
CVE-2023-40677 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40677
CVE-2023-41241 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41241
CVE-2023-41242 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41242
CVE-2023-4423 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4423
CVE-2023-43879 | Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43879
CVE-2023-41655 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41655
CVE-2023-41657 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41657
CVE-2023-41661 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41661
CVE-2023-41729 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41729
CVE-2023-41731 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41731
CVE-2023-41733 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41733
CVE-2023-41734 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41734
CVE-2023-41736 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41736
CVE-2023-41737 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41737
CVE-2023-44265 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44265
CVE-2023-44266 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44266
CVE-2023-31083 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-31083
CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29354
CVE-2023-2898 | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2898
CVE-2023-41051 | In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory Rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41051
CVE-2023-41979 | A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41979
CVE-2023-42756 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-42756
CVE-2023-0194 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-0194
CVE-2021-1233 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-1233
CVE-2023-2269 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2269
CVE-2023-3212 | A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3212
CVE-2023-41981 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41981
CVE-2023-32819 | In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32819
CVE-2021-33683 | SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-33683
CVE-2021-45096 | KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-45096
CVE-2022-3661 | Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3661
CVE-2023-21794 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21794
CVE-2023-29334 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29334
CVE-2023-2462 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2462
CVE-2023-2463 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2463
CVE-2023-2464 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2464
CVE-2023-2465 | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2465
CVE-2023-2466 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2466
CVE-2023-2467 | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2467
CVE-2023-2468 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2468
CVE-2023-4900 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4900
CVE-2023-4901 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4901
CVE-2023-4902 | Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4902
CVE-2023-4903 | Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4903
CVE-2023-4904 | Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4904
CVE-2023-4905 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4905
CVE-2023-4906 | Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4906
CVE-2023-4907 | Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4907
CVE-2023-4908 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4908
CVE-2023-4909 | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4909
CVE-2023-36479 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36479
CVE-2023-41900 | Jetty is a Java-based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of jetty-openid which have configured a nested `LoginService` and where that `LoginService` is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41900
CVE-2022-4245 | A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4245
CVE-2023-35984 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35984
CVE-2023-40388 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40388
CVE-2023-40532 | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40532
CVE-2023-42453 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42453
CVE-2023-40026Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. User's still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-40026
CVE-2023-43663PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shops functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-43663
CVE-2023-43664PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workaround for this issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-43664
CVE-2023-2233An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-2233
CVE-2023-3115An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3115
CVE-2023-3920An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the documentation.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3920
CVE-2023-3979An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3979
CVE-2023-44469A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-44469
CVE-2023-4532An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-4532
CVE-2023-5198An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-5198
CVE-2023-5194Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-5194
CVE-2023-41306Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-41306
CVE-2023-41335Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-41335
CVE-2023-38872An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-38872
CVE-2023-5313A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-5313
CVE-2023-44128The vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted.3.6https://nvd.nist.gov/vuln/detail/CVE-2023-44128
CVE-2023-41332Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not be able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users unable to upgrade can avoid this denial of service attack by enabling the Layer 7 proxy.3.5https://nvd.nist.gov/vuln/detail/CVE-2023-41332
CVE-2023-3906An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.3.5https://nvd.nist.gov/vuln/detail/CVE-2023-3906
CVE-2021-31498This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-31498
CVE-2021-31501This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-31501
CVE-2021-31506This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674.3.3https://nvd.nist.gov/vuln/detail/CVE-2021-31506
CVE-2023-29497A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-29497
CVE-2023-35990The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-35990
CVE-2023-37448A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-37448
CVE-2023-40384A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40384
CVE-2023-40386A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40386
CVE-2023-40395The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40395
CVE-2023-40427The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40427
CVE-2023-40434A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40434
CVE-2023-40456The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40456
CVE-2023-40520The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-40520
CVE-2023-41065A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-41065
CVE-2023-41310Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-41310
CVE-2023-44124The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-44124
CVE-2023-44129The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-44129
CVE-2021-24371The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack.2.7https://nvd.nist.gov/vuln/detail/CVE-2021-24371
CVE-2023-5159Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.2.7https://nvd.nist.gov/vuln/detail/CVE-2023-5159
CVE-2023-5193Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.2.7https://nvd.nist.gov/vuln/detail/CVE-2023-5193
CVE-2023-0195NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver.2.4https://nvd.nist.gov/vuln/detail/CVE-2023-0195
CVE-2010-1623Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.https://nvd.nist.gov/vuln/detail/CVE-2010-1623
CVE-2013-1315Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."https://nvd.nist.gov/vuln/detail/CVE-2013-1315
CVE-2014-1737The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device.https://nvd.nist.gov/vuln/detail/CVE-2014-1737
CVE-2014-3153The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.https://nvd.nist.gov/vuln/detail/CVE-2014-3153
CVE-2014-3534arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call.https://nvd.nist.gov/vuln/detail/CVE-2014-3534
CVE-2014-2648Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors.https://nvd.nist.gov/vuln/detail/CVE-2014-2648
CVE-2014-8587SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors.https://nvd.nist.gov/vuln/detail/CVE-2014-8587
CVE-2015-0063Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability."https://nvd.nist.gov/vuln/detail/CVE-2015-0063
CVE-2022-21813NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-21813
CVE-2022-21814NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service.https://nvd.nist.gov/vuln/detail/CVE-2022-21814
CVE-2022-28181NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components.https://nvd.nist.gov/vuln/detail/CVE-2022-28181
CVE-2023-36845A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: All versions prior to 20.4R3-S9; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S7; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.2 versions prior to 23.2R1-S1, 23.2R2.https://nvd.nist.gov/vuln/detail/CVE-2023-36845
CVE-2023-36846A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.4R3-S8; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3.https://nvd.nist.gov/vuln/detail/CVE-2023-36846
CVE-2023-36847A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: All versions prior to 20.4R3-S8; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3.https://nvd.nist.gov/vuln/detail/CVE-2023-36847
CVE-2023-44216PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin.https://nvd.nist.gov/vuln/detail/CVE-2023-44216
CVE-2023-5221A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5221
CVE-2023-5222A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5222
CVE-2023-20109A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details section of this advisory.https://nvd.nist.gov/vuln/detail/CVE-2023-20109
CVE-2023-20179A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-20179
CVE-2023-20186A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device.https://nvd.nist.gov/vuln/detail/CVE-2023-20186
CVE-2023-20187A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.https://nvd.nist.gov/vuln/detail/CVE-2023-20187
CVE-2023-20202A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition.https://nvd.nist.gov/vuln/detail/CVE-2023-20202
CVE-2023-20226A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.https://nvd.nist.gov/vuln/detail/CVE-2023-20226
CVE-2023-20227A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-20227
CVE-2023-20231A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.https://nvd.nist.gov/vuln/detail/CVE-2023-20231
CVE-2023-20251A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition.https://nvd.nist.gov/vuln/detail/CVE-2023-20251
CVE-2023-20252A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.https://nvd.nist.gov/vuln/detail/CVE-2023-20252
CVE-2023-20268A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.https://nvd.nist.gov/vuln/detail/CVE-2023-20268
CVE-2023-43656matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config.https://nvd.nist.gov/vuln/detail/CVE-2023-43656
CVE-2023-43320An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.https://nvd.nist.gov/vuln/detail/CVE-2023-43320
CVE-2023-5215A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly.https://nvd.nist.gov/vuln/detail/CVE-2023-5215
CVE-2023-5256In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected.https://nvd.nist.gov/vuln/detail/CVE-2023-5256
CVE-2023-43662ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191.https://nvd.nist.gov/vuln/detail/CVE-2023-43662
CVE-2023-5257A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5257
CVE-2023-5258A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867.https://nvd.nist.gov/vuln/detail/CVE-2023-5258
CVE-2023-5262A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871.https://nvd.nist.gov/vuln/detail/CVE-2023-5262
CVE-2023-5263A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.https://nvd.nist.gov/vuln/detail/CVE-2023-5263
CVE-2023-5264A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5264
CVE-2023-5266A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879.https://nvd.nist.gov/vuln/detail/CVE-2023-5266
CVE-2023-5268A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5268
CVE-2023-3024Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.https://nvd.nist.gov/vuln/detail/CVE-2023-3024
CVE-2023-26218The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below.https://nvd.nist.gov/vuln/detail/CVE-2023-26218
CVE-2023-43655Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice.https://nvd.nist.gov/vuln/detail/CVE-2023-43655
CVE-2022-35908Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.https://nvd.nist.gov/vuln/detail/CVE-2022-35908
CVE-2023-44270An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.https://nvd.nist.gov/vuln/detail/CVE-2023-44270
CVE-2023-5296A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5296
CVE-2023-5297A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927.https://nvd.nist.gov/vuln/detail/CVE-2023-5297
CVE-2023-5207A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.https://nvd.nist.gov/vuln/detail/CVE-2023-5207
CVE-2023-4211A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory.https://nvd.nist.gov/vuln/detail/CVE-2023-4211
CVE-2023-5324A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024.https://nvd.nist.gov/vuln/detail/CVE-2023-5324
CVE-2023-5326A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027.https://nvd.nist.gov/vuln/detail/CVE-2023-5326
CVE-2023-5327A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028.https://nvd.nist.gov/vuln/detail/CVE-2023-5327
CVE-2023-5328A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-5328
CVE-2023-41800Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41800
CVE-2023-41847Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41847
CVE-2023-41855Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41855
CVE-2023-41856Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41856
CVE-2023-41859Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41859
CVE-2023-44244Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44244
CVE-2023-44474Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44474
CVE-2023-44479Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44479
CVE-2023-44144Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44144
CVE-2023-44145Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44145
CVE-2023-44239Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44239
CVE-2023-44245Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44245
CVE-2023-44262Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44262
CVE-2023-44263Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44263
CVE-2023-3768Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.https://nvd.nist.gov/vuln/detail/CVE-2023-3768
CVE-2023-44228Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44228
CVE-2023-44230Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44230
CVE-2023-5160Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled.https://nvd.nist.gov/vuln/detail/CVE-2023-5160
CVE-2023-5106An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.https://nvd.nist.gov/vuln/detail/CVE-2023-5106
CVE-2023-41580Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.https://nvd.nist.gov/vuln/detail/CVE-2023-41580
CVE-2015-10124A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2015-10124
CVE-2023-3744Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-3744
CVE-2023-3769Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.https://nvd.nist.gov/vuln/detail/CVE-2023-3769
CVE-2023-3770Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication.https://nvd.nist.gov/vuln/detail/CVE-2023-3770
CVE-2023-4659Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application.https://nvd.nist.gov/vuln/detail/CVE-2023-4659
CVE-2023-0809In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.https://nvd.nist.gov/vuln/detail/CVE-2023-0809
CVE-2023-37605Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-37605
CVE-2023-3592In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.https://nvd.nist.gov/vuln/detail/CVE-2023-3592
CVE-2023-43835Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.https://nvd.nist.gov/vuln/detail/CVE-2023-43835
CVE-2023-43890Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.https://nvd.nist.gov/vuln/detail/CVE-2023-43890
CVE-2023-44463An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application.https://nvd.nist.gov/vuln/detail/CVE-2023-44463
CVE-2023-5344Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.https://nvd.nist.gov/vuln/detail/CVE-2023-5344
CVE-2023-43267A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.https://nvd.nist.gov/vuln/detail/CVE-2023-43267
CVE-2023-43268Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-43268
CVE-2023-43297An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.https://nvd.nist.gov/vuln/detail/CVE-2023-43297
CVE-2023-43361Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.https://nvd.nist.gov/vuln/detail/CVE-2023-43361
CVE-2023-43836There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database informationhttps://nvd.nist.gov/vuln/detail/CVE-2023-43836
CVE-2023-44008File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.https://nvd.nist.gov/vuln/detail/CVE-2023-44008
CVE-2023-44009File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.https://nvd.nist.gov/vuln/detail/CVE-2023-44009
CVE-2023-43891Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-43891
CVE-2023-43892Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-43892
CVE-2023-43893Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.https://nvd.nist.gov/vuln/detail/CVE-2023-43893
CVE-2023-44011An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.https://nvd.nist.gov/vuln/detail/CVE-2023-44011
CVE-2023-44012Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.https://nvd.nist.gov/vuln/detail/CVE-2023-44012
CVE-2023-28372A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.https://nvd.nist.gov/vuln/detail/CVE-2023-28372
CVE-2023-31042A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.https://nvd.nist.gov/vuln/detail/CVE-2023-31042
CVE-2023-36627A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.https://nvd.nist.gov/vuln/detail/CVE-2023-36627
CVE-2023-43980Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.https://nvd.nist.gov/vuln/detail/CVE-2023-43980
CVE-2023-28373A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.https://nvd.nist.gov/vuln/detail/CVE-2023-28373
CVE-2023-32572A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.https://nvd.nist.gov/vuln/detail/CVE-2023-32572
CVE-2023-36628A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.https://nvd.nist.gov/vuln/detail/CVE-2023-36628
CVE-2023-39222OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.https://nvd.nist.gov/vuln/detail/CVE-2023-39222
CVE-2023-39429Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.https://nvd.nist.gov/vuln/detail/CVE-2023-39429
CVE-2023-41086Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.https://nvd.nist.gov/vuln/detail/CVE-2023-41086
CVE-2023-42771Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode.https://nvd.nist.gov/vuln/detail/CVE-2023-42771
CVE-2023-43627Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode.https://nvd.nist.gov/vuln/detail/CVE-2023-43627
CVE-2023-3335Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.https://nvd.nist.gov/vuln/detail/CVE-2023-3335
CVE-2023-3440Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*.https://nvd.nist.gov/vuln/detail/CVE-2023-3440
CVE-2023-3967Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.https://nvd.nist.gov/vuln/detail/CVE-2023-3967
CVE-2023-5345A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705.https://nvd.nist.gov/vuln/detail/CVE-2023-5345
CVE-2023-26150Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session.https://nvd.nist.gov/vuln/detail/CVE-2023-26150
CVE-2023-26151Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.https://nvd.nist.gov/vuln/detail/CVE-2023-26151
CVE-2023-26152All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.https://nvd.nist.gov/vuln/detail/CVE-2023-26152
CVE-2023-21673Improper Access to the VM resource manager can lead to Memory Corruption.https://nvd.nist.gov/vuln/detail/CVE-2023-21673
CVE-2023-22382Weak configuration in Automotive while VM is processing a listener request from TEE.https://nvd.nist.gov/vuln/detail/CVE-2023-22382
CVE-2023-22384Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).https://nvd.nist.gov/vuln/detail/CVE-2023-22384
CVE-2023-22385Memory Corruption in Data Modem while making a MO call or MT VOLTE call.https://nvd.nist.gov/vuln/detail/CVE-2023-22385
CVE-2023-24843Transient DOS in Modem while triggering a camping on an 5G cell.https://nvd.nist.gov/vuln/detail/CVE-2023-24843
CVE-2023-24844Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.https://nvd.nist.gov/vuln/detail/CVE-2023-24844
CVE-2023-24847Transient DOS in Modem while allocating DSM items.https://nvd.nist.gov/vuln/detail/CVE-2023-24847
CVE-2023-24848Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.https://nvd.nist.gov/vuln/detail/CVE-2023-24848
CVE-2023-24849Information Disclosure in data Modem while parsing an FMTP line in an SDP message.https://nvd.nist.gov/vuln/detail/CVE-2023-24849
CVE-2023-24850Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.https://nvd.nist.gov/vuln/detail/CVE-2023-24850
CVE-2023-24853Memory Corruption in HLOS while registering for key provisioning notify.https://nvd.nist.gov/vuln/detail/CVE-2023-24853
CVE-2023-24855Memory corruption in Modem while processing security related configuration before AS Security Exchange.https://nvd.nist.gov/vuln/detail/CVE-2023-24855
CVE-2023-28539Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.https://nvd.nist.gov/vuln/detail/CVE-2023-28539
CVE-2023-28540Cryptographic issue in Data Modem due to improper authentication during TLS handshake.https://nvd.nist.gov/vuln/detail/CVE-2023-28540
CVE-2023-28571Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.https://nvd.nist.gov/vuln/detail/CVE-2023-28571
CVE-2023-33026Transient DOS in WLAN Firmware while parsing a NAN management frame.https://nvd.nist.gov/vuln/detail/CVE-2023-33026
CVE-2023-33027Transient DOS in WLAN Firmware while parsing rsn ies.https://nvd.nist.gov/vuln/detail/CVE-2023-33027
CVE-2023-33028Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.https://nvd.nist.gov/vuln/detail/CVE-2023-33028
CVE-2023-33029Memory corruption in DSP Service during a remote call from HLOS to DSP.https://nvd.nist.gov/vuln/detail/CVE-2023-33029
CVE-2023-33034Memory corruption while parsing the ADSP response command.https://nvd.nist.gov/vuln/detail/CVE-2023-33034
CVE-2023-33035Memory corruption while invoking callback function of AFE from ADSP.https://nvd.nist.gov/vuln/detail/CVE-2023-33035
CVE-2023-33039Memory corruption in Automotive Display while destroying the image handle created using connected display driver.https://nvd.nist.gov/vuln/detail/CVE-2023-33039
CVE-2023-3655cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows the database (system settings, user accounts, ...) to be leaked. This vulnerability can be triggered by an HTTP endpoint exposed to the network.https://nvd.nist.gov/vuln/detail/CVE-2023-3655
CVE-2023-3656cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.https://nvd.nist.gov/vuln/detail/CVE-2023-3656
CVE-2023-44217A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality.https://nvd.nist.gov/vuln/detail/CVE-2023-44217
CVE-2023-44218A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-44218
CVE-2023-3654cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network.https://nvd.nist.gov/vuln/detail/CVE-2023-3654
CVE-2023-37891Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37891
CVE-2023-37991Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37991
CVE-2023-37992Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37992
CVE-2023-37996Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37996
CVE-2023-37998Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <= 3.0.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37998
CVE-2023-38381Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-38381
CVE-2022-46841Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2022-46841
CVE-2023-0828Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 version and prior versions on all platforms.https://nvd.nist.gov/vuln/detail/CVE-2023-0828
CVE-2023-24518A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms.https://nvd.nist.gov/vuln/detail/CVE-2023-24518
CVE-2023-25463Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-25463
CVE-2023-37990Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-37990
CVE-2023-38390Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-38390
CVE-2023-38396Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-38396
CVE-2023-38398Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-38398
CVE-2023-4097The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.https://nvd.nist.gov/vuln/detail/CVE-2023-4097
CVE-2022-47891All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.https://nvd.nist.gov/vuln/detail/CVE-2022-47891
CVE-2022-47892All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.https://nvd.nist.gov/vuln/detail/CVE-2022-47892
CVE-2022-47893There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.https://nvd.nist.gov/vuln/detail/CVE-2022-47893
CVE-2023-25989Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.https://nvd.nist.gov/vuln/detail/CVE-2023-25989
CVE-2023-2830Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-2830
CVE-2023-39165Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39165
CVE-2023-39917Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39917
CVE-2023-39923Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39923
CVE-2023-39989Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39989
CVE-2023-40210Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40210
CVE-2023-4098It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.https://nvd.nist.gov/vuln/detail/CVE-2023-4098
CVE-2023-4099The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.https://nvd.nist.gov/vuln/detail/CVE-2023-4099
CVE-2023-4100Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.https://nvd.nist.gov/vuln/detail/CVE-2023-4100
CVE-2023-4101The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.https://nvd.nist.gov/vuln/detail/CVE-2023-4101
CVE-2023-4102QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.https://nvd.nist.gov/vuln/detail/CVE-2023-4102
CVE-2023-4103QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.https://nvd.nist.gov/vuln/detail/CVE-2023-4103
CVE-2023-5350SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.https://nvd.nist.gov/vuln/detail/CVE-2023-5350
CVE-2023-5351Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.https://nvd.nist.gov/vuln/detail/CVE-2023-5351
CVE-2023-2681An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to extract arbitrary information from the database.https://nvd.nist.gov/vuln/detail/CVE-2023-2681
CVE-2023-32669Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).https://nvd.nist.gov/vuln/detail/CVE-2023-32669
CVE-2023-32670Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing them to assign a persistent JavaScript payload that would be triggered when the associated image is loaded.https://nvd.nist.gov/vuln/detail/CVE-2023-32670
CVE-2023-32671A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.https://nvd.nist.gov/vuln/detail/CVE-2023-32671
CVE-2023-32790Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-32790
CVE-2023-32791Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests.https://nvd.nist.gov/vuln/detail/CVE-2023-32791
CVE-2023-32792Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests.https://nvd.nist.gov/vuln/detail/CVE-2023-32792
CVE-2023-39159Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39159
CVE-2023-40009Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40009
CVE-2023-40198Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40198
CVE-2023-40199Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40199
CVE-2023-40201Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.https://nvd.nist.gov/vuln/detail/CVE-2023-40201
CVE-2023-40202Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40202
CVE-2023-40212Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40212
CVE-2023-42508JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.https://nvd.nist.gov/vuln/detail/CVE-2023-42508
CVE-2023-5353Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.https://nvd.nist.gov/vuln/detail/CVE-2023-5353
CVE-2023-0506The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.https://nvd.nist.gov/vuln/detail/CVE-2023-0506
CVE-2023-27435Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-27435
CVE-2023-2544Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.https://nvd.nist.gov/vuln/detail/CVE-2023-2544
CVE-2023-32091Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-32091
CVE-2023-39158Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39158
CVE-2023-3349Information exposure vulnerability in IBERMATICA RPS 2019, whose exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.https://nvd.nist.gov/vuln/detail/CVE-2023-3349
CVE-2023-3350A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By firstly downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.https://nvd.nist.gov/vuln/detail/CVE-2023-3350
CVE-2023-40558Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40558
CVE-2023-41244Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41244
CVE-2023-41693Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41693
CVE-2023-4929All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices.https://nvd.nist.gov/vuln/detail/CVE-2023-4929
CVE-2023-4882DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.https://nvd.nist.gov/vuln/detail/CVE-2023-4882
CVE-2023-4883Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.https://nvd.nist.gov/vuln/detail/CVE-2023-4883
CVE-2023-4884An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.https://nvd.nist.gov/vuln/detail/CVE-2023-4884
CVE-2023-4885Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.https://nvd.nist.gov/vuln/detail/CVE-2023-4885
CVE-2023-4886A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.https://nvd.nist.gov/vuln/detail/CVE-2023-4886
CVE-2023-3196This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.https://nvd.nist.gov/vuln/detail/CVE-2023-3196
CVE-2023-4564This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.https://nvd.nist.gov/vuln/detail/CVE-2023-4564
CVE-2023-4817This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.https://nvd.nist.gov/vuln/detail/CVE-2023-4817
CVE-2023-33200A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.https://nvd.nist.gov/vuln/detail/CVE-2023-33200
CVE-2023-34970A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.https://nvd.nist.gov/vuln/detail/CVE-2023-34970
CVE-2023-4732A flaw was found in the Linux Kernel's memory management subsystem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x.https://nvd.nist.gov/vuln/detail/CVE-2023-4732
CVE-2023-4911A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-4911
CVE-2023-5255For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.https://nvd.nist.gov/vuln/detail/CVE-2023-5255
CVE-2023-43976An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and win the race condition (TOCTOU) via the PrivilegedHelperTool component.https://nvd.nist.gov/vuln/detail/CVE-2023-43976
CVE-2023-40830Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.https://nvd.nist.gov/vuln/detail/CVE-2023-40830
CVE-2023-33268An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).https://nvd.nist.gov/vuln/detail/CVE-2023-33268
CVE-2023-33269An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).https://nvd.nist.gov/vuln/detail/CVE-2023-33269
CVE-2023-33270An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).https://nvd.nist.gov/vuln/detail/CVE-2023-33270
CVE-2023-33271An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).https://nvd.nist.gov/vuln/detail/CVE-2023-33271
CVE-2023-33272An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind).https://nvd.nist.gov/vuln/detail/CVE-2023-33272
CVE-2023-33273An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).https://nvd.nist.gov/vuln/detail/CVE-2023-33273
CVE-2023-39645Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39645
CVE-2023-40519A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter.https://nvd.nist.gov/vuln/detail/CVE-2023-40519
CVE-2023-43176A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.https://nvd.nist.gov/vuln/detail/CVE-2023-43176
CVE-2023-43898Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.https://nvd.nist.gov/vuln/detail/CVE-2023-43898
CVE-2023-43951SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.https://nvd.nist.gov/vuln/detail/CVE-2023-43951
CVE-2023-43952SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.https://nvd.nist.gov/vuln/detail/CVE-2023-43952
CVE-2023-43953SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.https://nvd.nist.gov/vuln/detail/CVE-2023-43953
CVE-2023-44973An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2023-44973
CVE-2023-44974An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.https://nvd.nist.gov/vuln/detail/CVE-2023-44974
CVE-2023-39646Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39646
CVE-2023-39648Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39648
CVE-2023-39649Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39649
CVE-2023-39651Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39651
CVE-2023-39647Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.https://nvd.nist.gov/vuln/detail/CVE-2023-39647