Published on 04 Oct 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabulated by severity, according to their CVSSv3 base scores:
Severity | Definition |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2022-22536 | SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53 and SAP Web Dispatcher are vulnerable for request smuggling and request concatenation. An unauthenticated attacker can prepend a victim's request with arbitrary data. This way, the attacker can execute functions impersonating the victim or poison intermediary Web caches. A successful attack could result in complete compromise of Confidentiality, Integrity and Availability of the system. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-22536 |
CVE-2022-0543 | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-0543 |
CVE-2023-3432 | Server-Side Request Forgery (SSRF) in GitHub repository plantuml/plantuml prior to 1.2023.9. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-3432 |
CVE-2023-38586 | An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-38586 |
CVE-2023-40455 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-40455 |
CVE-2023-4260 | Potential off-by-one buffer overflow vulnerability in the Zephyr fuse file system. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-4260 |
CVE-2023-4262 | Possible buffer overflow in Zephyr mgmt subsystem when asserts are disabled | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-4262 |
CVE-2023-43632 | As noted in the “VTPM.md” file in the eve documentation, “VTPM is a server listening on port 8877 in EVE, exposing limited functionality of the TPM to the clients. VTPM allows clients to execute tpm2-tools binaries from a list of hardcoded options”. The communication with this server is done using protobuf, and the data is comprised of 2 parts: (1) Header and (2) Data. When a connection is made, the server is waiting for 4 bytes of data, which will be the header, and these 4 bytes would be parsed as uint32 size of the actual data to come. Then, in the function “handleRequest” this size is then used in order to allocate a payload on the stack for the incoming data. As this payload is allocated on the stack, this will allow overflowing the stack size allocated for the relevant process with freely controlled data. An attacker can crash the system. An attacker can gain control over the system, specifically on the “vtpm_server” process which has very high privileges. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43632 |
CVE-2023-5223 | A vulnerability, which was classified as critical, has been found in HimitZH HOJ up to 4.6-9a65e3f. This issue affects some unknown processing of the component Topic Handler. The manipulation leads to sandbox issue. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240365 was assigned to this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-5223 |
CVE-2023-43651 | JumpServer is an open source bastion host. An authenticated user can exploit a vulnerability in MongoDB sessions to execute arbitrary commands, leading to remote code execution. This vulnerability may further be leveraged to gain root privileges on the system. Through the WEB CLI interface provided by the koko component, a user logs into the authorized mongoDB database and exploits the MongoDB session to execute arbitrary commands. This vulnerability has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43651 |
CVE-2023-5201 | The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This requires the [php] shortcode setting to be enabled on the vulnerable site. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-5201 |
CVE-2018-1160 | Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-1160 |
CVE-2018-21004 | The rsvpmaker plugin before 5.6.4 for WordPress has SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-21004 |
CVE-2019-15646 | The rsvpmaker plugin before 6.2 for WordPress has SQL injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-15646 |
CVE-2020-9406 | IBL Online Weather before 4.3.5a allows unauthenticated eval injection via the queryBCP method of the Auxiliary Service. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-9406 |
CVE-2020-25215 | yWorks yEd Desktop before 3.20.1 allows XXE attacks via an XML or GraphML document. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25215 |
CVE-2020-25216 | yWorks yEd Desktop before 3.20.1 allows code execution via an XSL Transformation when using an XML file in conjunction with a custom stylesheet. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-25216 |
CVE-2021-1300 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1300 |
CVE-2021-1301 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1301 |
CVE-2021-41326 | In MISP before 2.4.148, app/Lib/Export/OpendataExport.php mishandles parameter data that is used in a shell_exec call. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-41326 |
CVE-2021-42169 | The Simple Payroll System with Dynamic Tax Bracket in PHP using SQLite Free Source Code (by: oretnom23) is vulnerable from remote SQL-Injection-Bypass-Authentication for the admin account. The parameter (username) from the login form is not protected correctly and there is no security and escaping from malicious payloads. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42169 |
CVE-2021-40393 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40393 |
CVE-2021-40394 | An out-of-bounds write vulnerability exists in the RS-274X aperture macro variables handling functionality of Gerbv 2.7.0 and dev (commit b5f1eacd) and the forked version of Gerbv (commit 71493260). A specially-crafted gerber file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40394 |
CVE-2022-23303 | The implementations of SAE in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9494. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23303 |
CVE-2022-23304 | The implementations of EAP-pwd in hostapd before 2.10 and wpa_supplicant before 2.10 are vulnerable to side-channel attacks as a result of cache access patterns. NOTE: this issue exists because of an incomplete fix for CVE-2019-9495. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23304 |
CVE-2022-29599 | In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29599 |
CVE-2022-36227 | In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: "In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution." | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36227 |
CVE-2022-48337 | GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48337 |
CVE-2023-20032 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog (https://blog.clamav.net/). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20032 |
CVE-2023-1529 | Out of bounds memory access in WebHID in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a malicious HID device. (Chromium security severity: High) | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1529 |
CVE-2022-0194 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ad_addcomment function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15876. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0194 |
CVE-2022-23121 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parse_entries function. The issue results from the lack of proper error handling when parsing AppleDouble entries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15819. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23121 |
CVE-2022-23122 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the setfilparams function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15837. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23122 |
CVE-2022-23123 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getdirparams method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15830. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23123 |
CVE-2022-23124 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the get_finderinfo method. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15870. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23124 |
CVE-2022-23125 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the copyapplfile function. When parsing the len element, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-15869. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-23125 |
CVE-2022-46387 | ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46387 |
CVE-2022-43634 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of Netatalk. Authentication is not required to exploit this vulnerability. The specific flaw exists within the dsi_writeinit function. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-17646. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-43634 |
CVE-2023-2344 | A vulnerability has been found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=save_service of the component HTTP POST Request Handler. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227587. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2344 |
CVE-2023-2345 | A vulnerability was found in SourceCodester Service Provider Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=delete_inquiry. The manipulation leads to improper authorization. The attack may be launched remotely. The identifier of this vulnerability is VDB-227588. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2345 |
CVE-2023-2346 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/inquiries/view_inquiry.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227589 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2346 |
CVE-2023-2347 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227590 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2347 |
CVE-2023-2348 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/user/manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227591. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2348 |
CVE-2023-3028 | Insufficient authentication in the MQTT backend (broker) allows an attacker to access and even manipulate the telemetry data of the entire fleet of vehicles using the HopeChart HQT-401 telematics unit. Other models are possibly affected too. Multiple vulnerabilities were identified: (1) The MQTT backend does not require authentication, allowing unauthorized connections from an attacker. (2) The vehicles publish their telemetry data (e.g. GPS Location, speed, odometer, fuel, etc) as messages in public topics. The backend also sends commands to the vehicles as MQTT posts in public topics. As a result, an attacker can access the confidential data of the entire fleet that is managed by the backend. (3) The MQTT messages sent by the vehicles or the backend are not encrypted or authenticated. An attacker can create and post messages to impersonate a vehicle or the backend. The attacker could then, for example, send incorrect information to the backend about the vehicle's location. (4) The backend can inject data into a vehicle's CAN bus by sending a specific MQTT message on a public topic. Because these messages are not authenticated or encrypted, an attacker could impersonate the backend, create a fake message and inject CAN data in any vehicle managed by the backend. The confirmed version is 201808021036, however further versions have been also identified as potentially impacted. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3028 |
CVE-2023-34581 | Sourcecodester Service Provider Management System v1.0 is vulnerable to SQL Injection via the ID parameter in /php-spms/?page=services/view&id=2 | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34581 |
CVE-2023-3644 | A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_inquiry. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. VDB-233890 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3644 |
CVE-2023-39010 | BoofCV 0.42 was discovered to contain a code injection vulnerability via the component boofcv.io.calibration.CalibrationIO.load. This vulnerability is exploited by loading a crafted camera calibration file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39010 |
CVE-2021-32292 | An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32292 |
CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48565 |
CVE-2023-40764 | User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40764 |
CVE-2023-41910 | An issue was discovered in lldpd before 1.0.17. By crafting a CDP PDU packet with specific CDP_TLV_ADDRESSES TLVs, a malicious actor can remotely force the lldpd daemon to perform an out-of-bounds read on heap memory. This occurs in cdp_decode in daemon/protocols/cdp.c. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41910 |
CVE-2023-4845 | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file account_edit_query.php. The manipulation of the argument admin_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-239254 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4845 |
CVE-2023-39150 | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39150 |
CVE-2023-5009 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.2.7, all versions starting from 16.3 before 16.3.4. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. This was a bypass of [CVE-2023-3932](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-3932) showing additional impact. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5009 |
CVE-2023-42793 | In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42793 |
CVE-2019-19450 | paraparser in ReportLab before 3.5.31 allows remote code execution because start_unichar in paraparser.py evaluates untrusted user input in a unichar element in a crafted XML document with '<unichar code="' followed by arbitrary Python code, a similar issue to CVE-2019-17626. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19450 |
CVE-2023-41993 | The issue was addressed with improved checks. This issue is fixed in Safari 17, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41993 |
CVE-2021-38243 | xunruicms <=4.5.1 is vulnerable to Remote Code Execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38243 |
CVE-2023-35071 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in MRV Tech Logging Administration Panel allows SQL Injection. This issue affects Logging Administration Panel: before 20230915. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35071 |
CVE-2023-39375 | SiberianCMS - CWE-274: Improper Handling of Insufficient Privileges | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39375 |
CVE-2023-3767 | An OS command injection vulnerability has been found on EasyPHP Webserver affecting version 14.1. This vulnerability could allow an attacker to get full access to the system by sending a specially crafted exploit to the /index.php?zone=settings parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3767 |
CVE-2023-40400 | This issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. A remote user may cause an unexpected app termination or arbitrary code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40400 |
CVE-2023-41320 | GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. UI layout preferences management can be hijacked to lead to SQL injection. This injection can be used to take over an administrator account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41320 |
CVE-2023-41878 | MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high permissions. This issue has been addressed in version 2.10.7 LTS. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41878 |
CVE-2023-42461 | GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. The ITIL actors input field from the Ticket form can be used to perform a SQL injection. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42461 |
CVE-2023-43154 | In Macrob7 Macs Framework Content Management System (CMS) 1.1.4f, loose comparison in "isValidLogin()" function during login attempt results in PHP type confusion vulnerability that leads to authentication bypass and takeover of the administrator account. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43154 |
CVE-2023-43187 | A remote code execution (RCE) vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43187 |
CVE-2023-43216 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ip.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43216 |
CVE-2023-43222 | SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43222 |
CVE-2023-43234 | DedeBIZ v6.2.11 was discovered to contain multiple remote code execution (RCE) vulnerabilities at /admin/file_manage_control.php via the $activepath and $filename parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43234 |
CVE-2023-43291 | Deserialization of Untrusted Data in emlog pro v.2.1.15 and earlier allows a remote attacker to execute arbitrary code via the cache.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43291 |
CVE-2023-44013 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the list parameter in the fromSetIpMacBind function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44013 |
CVE-2023-44014 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain multiple stack overflows in the formSetMacFilterCfg function via the macFilterType and deviceList parameters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44014 |
CVE-2023-44015 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the schedEndTime parameter in the setSchedWifi function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44015 |
CVE-2023-44016 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the deviceId parameter in the addWifiMacFilter function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44016 |
CVE-2023-44017 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the timeZone parameter in the fromSetSysTime function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44017 |
CVE-2023-44018 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the domain parameter in the add_white_node function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44018 |
CVE-2023-44019 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the mac parameter in the GetParentControlInfo function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44019 |
CVE-2023-44020 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the security parameter in the formWifiBasicSet function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44020 |
CVE-2023-44021 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the formSetClientState function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44021 |
CVE-2023-44022 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44022 |
CVE-2023-44023 | Tenda AC10U v1.0 US_AC10UV1.0RTL_V15.03.06.49_multi_TDE01 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44023 |
CVE-2023-44169 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_notify.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44169 |
CVE-2023-44170 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_ping.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44170 |
CVE-2023-44171 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_smtp.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44171 |
CVE-2023-44172 | SeaCMS V12.9 was discovered to contain an arbitrary file write vulnerability via the component admin_weixin.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44172 |
CVE-2023-4737 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hedef Tracking Admin Panel allows SQL Injection. This issue affects Admin Panel: before 1.2. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4737 |
CVE-2023-5168 | A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5168 |
CVE-2023-5172 | A hashtable in the Ion Engine could have been mutated while there was a live interior reference, leading to a potential use-after-free and exploitable crash. This vulnerability affects Firefox < 118. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5172 |
CVE-2023-5174 | If Windows failed to duplicate a handle during process creation, the sandbox code may have inadvertently freed a pointer twice, resulting in a use-after-free and a potentially exploitable crash. *This bug only affects Firefox on Windows when run in non-standard configurations (such as using `runas`). Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5174 |
CVE-2023-5175 | During process shutdown, it was possible that an `ImageBitmap` was created that would later be used after being freed from a different codepath, leading to a potentially exploitable crash. This vulnerability affects Firefox < 118. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5175 |
CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5176 |
CVE-2023-42818 | JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service. This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42818 |
CVE-2023-43192 | SQL injection can exist in a newly created part of the JFinalcms background, and the parameters submitted by users are not filtered. As a result, special characters in parameters destroy the original logic of SQL statements. Attackers can use this vulnerability to execute any SQL statement. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43192 |
CVE-2023-44080 | An issue in PGYER codefever v.2023.8.14-2ce4006 allows a remote attacker to execute arbitrary code via a crafted request to the branchList component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44080 |
CVE-2023-41449 | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41449 |
CVE-2023-38870 | A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38870 |
CVE-2023-44273 | Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44273 |
CVE-2023-43869 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43869 |
CVE-2023-30415 | Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30415 |
CVE-2023-43013 | Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database and bypass the login control. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43013 |
CVE-2023-5004 | Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5004 |
CVE-2023-5053 | Hospital management system version 378c157 allows authentication bypass. This is possible because the application is vulnerable to SQLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5053 |
CVE-2023-43739 | The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43739 |
CVE-2023-44163 | The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44163 |
CVE-2023-44164 | The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44164 |
CVE-2023-44165 | The 'Password' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44165 |
CVE-2023-44166 | The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44166 |
CVE-2023-44167 | The 'name' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44167 |
CVE-2023-44168 | The 'phone' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44168 |
CVE-2023-43654 | TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be taken advantage of to compromise the integrity of the system and sensitive data. This issue is present in versions 0.1.0 to 0.8.1. A user is able to load the model of their choice from any URL that they would like to use. The user of TorchServe is responsible for configuring both the allowed_urls and specifying the model URL to be used. A pull request to warn the user when the default value for allowed_urls is used has been merged in PR #2534. TorchServe release 0.8.2 includes this change. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43654 |
CVE-2023-5260 | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240869 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5260 |
CVE-2023-5261 | A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240870 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5261 |
CVE-2023-5288 | A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5288 |
CVE-2023-5265 | A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240878 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5265 |
CVE-2023-5267 | A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-240880. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5267 |
CVE-2023-5276 | A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-240904. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5276 |
CVE-2023-5277 | A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240905 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5277 |
CVE-2023-5278 | A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-240906 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5278 |
CVE-2023-5279 | A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240907. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5279 |
CVE-2023-5280 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240908. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5280 |
CVE-2023-5281 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240909 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5281 |
CVE-2023-5282 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240910 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5282 |
CVE-2023-5227 | Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5227 |
CVE-2023-5300 | A vulnerability classified as critical has been found in TTSPlanning up to 20230925. This affects an unknown part. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240939. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5300 |
CVE-2023-20819 | In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID: ALPS08010003. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20819 |
CVE-2023-2136 | Integer overflow in Skia in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-2136 |
CVE-2023-39007 | /ui/cron/item/open in the Cron component of OPNsense before 23.7 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-39007 |
CVE-2023-42657 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a directory traversal vulnerability was discovered. An attacker could leverage this vulnerability to perform file operations (delete, rename, rmdir, mkdir) on files and folders outside of their authorized WS_FTP folder path. Attackers could also escape the context of the WS_FTP Server file structure and perform the same level of operations (delete, rename, rmdir, mkdir) on file and folder locations on the underlying operating system. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-42657 |
CVE-2023-4264 | Potential buffer overflow vulnerabilities in the Zephyr Bluetooth subsystem. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4264 |
CVE-2020-24147 | Server-side request forgery (SSRF) vulnerability in the WP Smart Import (wp-smart-import) plugin 1.0.0 for WordPress via the file field. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-24147 |
CVE-2023-33934 | Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-33934 |
CVE-2023-4702 | Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass. This issue affects Digital Yepas: before 1.0.1. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4702 |
CVE-2023-40436 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. An attacker may be able to cause unexpected system termination or read kernel memory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40436 |
CVE-2023-42462 | GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The document upload process can be diverted to delete some files. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42462 |
CVE-2023-44152 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44152 |
CVE-2023-44154 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44154 |
CVE-2023-44206 | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44206 |
CVE-2023-43652 | JumpServer is an open source bastion host. As an unauthenticated user, it is possible to authenticate to the core API with a username and an SSH public key without needing a password or the corresponding SSH private key. An SSH public key should be considered public knowledge and should not be used as an authentication secret alone. JumpServer provides an API for the KoKo component to validate user private key logins. This API does not verify the source of requests and will generate a personal authentication token. Given that public keys can be easily leaked, an attacker can exploit the leaked public key and username to authenticate, subsequently gaining access to the current user's information and authorized actions. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43652 |
CVE-2022-47186 | There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47186 |
CVE-2023-43909 | Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43909 |
CVE-2023-39347 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to update pod labels can cause Cilium to apply incorrect network policies. This issue arises due to the fact that on pod update, Cilium incorrectly uses user-provided pod labels to select the policies which apply to the workload in question. This can affect Cilium network policies that use the namespace, service account or cluster constructs to restrict traffic, Cilium clusterwide network policies that use Cilium namespace labels to select the Pod and Kubernetes network policies. Non-existent construct names can be provided, which bypass all network policies applicable to the construct. For example, providing a pod with a non-existent namespace as the value of the `io.kubernetes.pod.namespace` label results in none of the namespaced CiliumNetworkPolicies applying to the pod in question. This attack requires the attacker to have Kubernetes API Server access, as described in the Cilium Threat Model. This issue has been resolved in: Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users are advised to upgrade. As a workaround an admission webhook can be used to prevent pod label updates to the `k8s:io.kubernetes.pod.namespace` and `io.cilium.k8s.policy.*` keys. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-39347 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2018-17700 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit PhantomPDF 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Array.prototype.concat. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7131. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-17700 |
CVE-2019-17534 | vips_foreign_load_gif_scan_image in foreign/gifload.c in libvips before 8.8.2 tries to access a color map before a DGifGetImageDesc call, leading to a use-after-free. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-17534 |
CVE-2020-12351 | Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-12351 |
CVE-2021-1298 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1298 |
CVE-2021-1299 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1299 |
CVE-2021-1302 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1302 |
CVE-2021-32621 | XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-32621 |
CVE-2021-3246 | A heap buffer overflow vulnerability in msadpcm_decode_block of libsndfile 1.0.30 allows attackers to execute arbitrary code via a crafted WAV file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-3246 |
CVE-2021-42369 | Imagicle Application Suite (for Cisco UC) before 2021.Summer.2 allows SQL injection. A low-privileged user could inject a SQL statement through the "Export to CSV" feature of the Contact Manager web GUI. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-42369 |
CVE-2020-28419 | During installation with certain driver software or application packages an arbitrary code execution could occur. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-28419 |
CVE-2023-0696 | Type confusion in V8 in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0696 |
CVE-2023-0698 | Out of bounds read in WebRTC in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0698 |
CVE-2023-0699 | Use after free in GPU in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page and browser shutdown. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0699 |
CVE-2023-0701 | Heap buffer overflow in WebUI in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interaction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0701 |
CVE-2023-0702 | Type confusion in Data Transfer in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0702 |
CVE-2023-0703 | Type confusion in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who convinced a user to engage in specific UI interactions to potentially exploit heap corruption via UI interactions. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0703 |
CVE-2023-0927 | Use after free in Web Payments API in Google Chrome on Android prior to 110.0.5481.177 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0927 |
CVE-2023-0928 | Use after free in SwiftShader in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0928 |
CVE-2023-0929 | Use after free in Vulkan in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0929 |
CVE-2023-0930 | Heap buffer overflow in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0930 |
CVE-2023-0931 | Use after free in Video in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0931 |
CVE-2023-0932 | Use after free in WebRTC in Google Chrome on Windows prior to 110.0.5481.177 allowed a remote attacker who convinced the user to engage in specific UI interactions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0932 |
CVE-2023-0933 | Integer overflow in PDF in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0933 |
CVE-2023-0941 | Use after free in Prompts in Google Chrome prior to 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0941 |
CVE-2023-1528 | Use after free in Passwords in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1528 |
CVE-2023-1530 | Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1530 |
CVE-2023-1531 | Use after free in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1531 |
CVE-2023-1532 | Out of bounds read in GPU Video in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1532 |
CVE-2023-1533 | Use after free in WebProtect in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1533 |
CVE-2023-1534 | Out of bounds read in ANGLE in Google Chrome prior to 111.0.5563.110 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1534 |
CVE-2023-1810 | Heap buffer overflow in Visuals in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1810 |
CVE-2023-1811 | Use after free in Frames in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1811 |
CVE-2023-1812 | Out of bounds memory access in DOM Bindings in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1812 |
CVE-2023-1815 | Use after free in Networking APIs in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1815 |
CVE-2023-1818 | Use after free in Vulkan in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1818 |
CVE-2023-1820 | Heap buffer overflow in Browser History in Google Chrome prior to 112.0.5615.49 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1820 |
CVE-2023-2033 | Type confusion in V8 in Google Chrome prior to 112.0.5615.121 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2033 |
CVE-2023-2133 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2133 |
CVE-2023-2134 | Out of bounds memory access in Service Worker API in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2134 |
CVE-2023-2137 | Heap buffer overflow in sqlite in Google Chrome prior to 112.0.5615.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2137 |
CVE-2023-2461 | Use after free in OS Inputs in Google Chrome on ChromeOS prior to 113.0.5672.63 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2461 |
CVE-2023-2721 | Use after free in Navigation in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2721 |
CVE-2023-2722 | Use after free in Autofill UI in Google Chrome on Android prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2722 |
CVE-2023-2723 | Use after free in DevTools in Google Chrome prior to 113.0.5672.126 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2723 |
CVE-2023-2724 | Type confusion in V8 in Google Chrome prior to 113.0.5672.126 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2724 |
CVE-2023-2725 | Use after free in Guest View in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2725 |
CVE-2023-2726 | Inappropriate implementation in WebApp Installs in Google Chrome prior to 113.0.5672.126 allowed an attacker who convinced a user to install a malicious web app to bypass install dialog via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2726 |
CVE-2023-2769 | A vulnerability classified as critical has been found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_service. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229275. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2769 |
CVE-2023-3119 | A vulnerability, which was classified as critical, has been found in SourceCodester Service Provider Management System 1.0. Affected by this issue is some unknown functionality of the file view.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-230798 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3119 |
CVE-2023-34468 | The DBCPConnectionPool and HikariCPConnectionPool Controller Services in Apache NiFi 0.0.2 through 1.21.0 allow an authenticated and authorized user to configure a Database URL with the H2 driver that enables custom code execution. The resolution validates the Database URL and rejects H2 JDBC locations. You are recommended to upgrade to version 1.22.0 or later which fixes this issue. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-34468 |
CVE-2023-4863 | Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Critical) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4863 |
CVE-2023-43630 | PCR14 is not in the list of PCRs that seal/unseal the “vault” key, but due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, fixing this issue alone would not solve the problem of the config partition not being measured correctly. Also, the “vault” key is sealed/unsealed with SHA1 PCRs instead of SHA256. This issue was somewhat mitigated due to all of the PCR extend functions updating both the values of SHA256 and SHA1 for a given PCR ID. However, due to the change that was implemented in commit “7638364bc0acf8b5c481b5ce5fea11ad44ad7fd4”, this is no longer the case for PCR14, as the code in “measurefs.go” explicitly updates only the SHA256 instance of PCR14, which means that even if PCR14 were to be added to the list of PCRs sealing/unsealing the “vault” key, changes to the config partition would still not be measured. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43630 |
CVE-2023-43635 | Vault Key Sealed With SHA1 PCRs: The measured boot solution implemented in EVE OS leans on a PCR locking mechanism. Different parts of the system update different PCR values in the TPM, resulting in a unique value for each PCR entry. These PCRs are then used in order to seal/unseal a key from the TPM which is used to encrypt/decrypt the “vault” directory. This “vault” directory is the most sensitive point in the system and as such, its content should be protected. This mechanism is noted in Zededa’s documentation as the “measured boot” mechanism, designed to protect said “vault”. The code that’s responsible for generating and fetching the key from the TPM assumes that SHA256 PCRs are used in order to seal/unseal the key, and as such their presence is being checked. The issue here is that the key is not sealed using SHA256 PCRs, but using SHA1 PCRs. This leads to several issues: • Machines that have their SHA256 PCRs enabled but SHA1 PCRs disabled, as well as not sealing their keys at all, meaning the “vault” is not protected from an attacker. • SHA1 is considered insecure and reduces the complexity level required to unseal the key in machines which have their SHA1 PCRs enabled. An attacker can very easily retrieve the contents of the “vault”, which will effectively render the “measured boot” mechanism meaningless. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43635 |
CVE-2023-43636 | In EVE OS, the “measured boot” mechanism prevents a compromised device from accessing the encrypted data located in the vault. As per the “measured boot” design, the PCR values calculated at different stages of the boot process will change if any of their respective parts are changed. This includes, among other things, the configuration of the bios, grub, the kernel cmdline, initrd, and more. However, this mechanism does not validate the entire rootfs, so an attacker can edit the filesystem and gain control over the system. As the default filesystem used by EVE OS is squashfs, this is somewhat harder than an ext4, which is easily changeable. This will not stop an attacker, as an attacker can repackage the squashfs with their changes in it and replace the partition altogether. This can also be done directly on the device, as the “003-storage-init” container contains the “mksquashfs” and “unsquashfs” binaries (with the corresponding libs). An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43636 |
CVE-2015-8371 | Composer before 2016-02-10 allows cache poisoning from other projects built on the same host. This results in attacker-controlled code entering a server-side build process. The issue occurs because of the way that dist packages are cached. The cache key is derived from the package name, the dist type, and certain other data from the package repository (which may simply be a commit hash, and thus can be found by an attacker). Versions through 1.0.0-alpha11 are affected, and 1.0.0 is unaffected. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-8371 |
CVE-2023-43631 | On boot, the Pillar eve container checks for the existence and content of “/config/authorized_keys”. If the file is present, and contains a supported public key, the container will go on to open port 22 and enable sshd with the given keys as the authorized keys for root login. An attacker could easily add their own keys and gain full control over the system without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable, and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thus not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43631 |
CVE-2023-43633 | On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the file exists, it overrides the existing configuration on the device on boot. This allows an attacker to change the system’s configuration, which also includes some debug functions. This could be used to unlock the ssh with custom “authorized_keys” via the “debug.enable.ssh” key, similar to the “authorized_keys” finding that was noted before. Other usages include unlocking the usb to enable the keyboard via the “debug.enable.usb” key, allowing VNC access via the “app.allow.vnc” key, and more. An attacker could easily enable these debug functionalities without triggering the “measured boot” mechanism implemented by EVE OS, and without marking the device as “UUD” (“Unknown Update Detected”). This is because the “/config” partition is not protected by “measured boot”, it is mutable and it is not encrypted in any way. An attacker can gain full control over the device without changing the PCR values, thereby not triggering the “measured boot” mechanism, and having full access to the vault. Note: This issue was partially fixed in these commits (after disclosure to Zededa), where the config partition measurement was added to PCR13: • aa3501d6c57206ced222c33aea15a9169d629141 • 5fef4d92e75838cc78010edaed5247dfbdae1889. This issue was made viable in version 9.0.0 when the calculation was moved to PCR14 but it was not included in the measured boot. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43633 |
CVE-2023-43634 | When sealing/unsealing the “vault” key, a list of PCRs is used, which defines which PCRs are used. In a previous project, CYMOTIVE found that the configuration is not protected by the secure boot, and in response Zededa implemented measurements on the config partition that was mapped to PCR 13. In that process, PCR 13 was added to the list of PCRs that seal/unseal the key. In commit “56e589749c6ff58ded862d39535d43253b249acf”, the config partition measurement moved from PCR 13 to PCR 14, but PCR 14 was not added to the list of PCRs that seal/unseal the key. This change makes the measurement of PCR 14 effectively redundant as it would not affect the sealing/unsealing of the key. An attacker could modify the config partition without triggering the measured boot, this could result in the attacker gaining full control over the device with full access to the contents of the encrypted “vault”. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43634 |
CVE-2023-28055 | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the same network could potentially exploit this by manipulating a command leading to gain of complete access to the server file further resulting in information leaks, denial of service, and arbitrary code execution. Dell recommends customers to upgrade at the earliest opportunity. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28055 |
CVE-2023-2315 | Path Traversal in OpenCart versions 4.0.0.0 to 4.0.2.2 allows an authenticated user with access/modify privilege on the Log component to empty out arbitrary files on the server | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2315 |
CVE-2023-35074 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35074 |
CVE-2023-35793 | An issue was discovered in Cassia Access Controller 2.1.1.2303271039. Establishing a web SSH session to gateways is vulnerable to Cross Site Request Forgery (CSRF) attacks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35793 |
CVE-2023-39378 | SiberianCMS - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') by an unauthenticated user | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39378 |
CVE-2023-39434 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39434 |
CVE-2023-40044 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40044 |
CVE-2023-40451 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40451 |
CVE-2023-41074 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41074 |
CVE-2023-41322 | GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take control of their account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41322 |
CVE-2023-41324 | GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user that has read access on users resource can steal accounts of other users. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41324 |
CVE-2023-41326 | GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. A logged user from any profile can hijack the Kanban feature to alter any user field, and end up stealing that user's account. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41326 |
CVE-2023-42819 | JumpServer is an open source bastion host. Logged-in users can access and modify the contents of any file on the system. A user can use the 'Job-Template' menu and create a playbook named 'test'. Get the playbook id from the detail page, like 'e0adabef-c38f-492d-bd92-832bacc3df5f'. An attacker can exploit the directory traversal flaw using the provided URL to access and retrieve the contents of the file. `https://jumpserver-ip/api/v1/ops/playbook/e0adabef-c38f-492d-bd92-832bacc3df5f/file/?key=../../../../../../../etc/passwd`. A similar method to modify the file content is also present. This issue has been addressed in version 3.6.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42819 |
CVE-2023-43610 | SQL injection vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor (without setting authority) or higher privilege to perform unintended database operations. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43610 |
CVE-2023-4934 | Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass. This issue affects AYBS: before 1.0.3. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4934 |
CVE-2023-5183 | Unsafe deserialization of untrusted JSON allows execution of arbitrary code on affected releases of the Illumio PCE. Authentication to the API is required to exploit this vulnerability. The flaw exists within the network_traffic API endpoint. An attacker can leverage this vulnerability to execute code in the context of the PCE’s operating system user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5183 |
CVE-2023-20254 | A vulnerability in the session management system of the Cisco Catalyst SD-WAN Manager multi-tenant feature could allow an authenticated, remote attacker to access another tenant that is being managed by the same Cisco Catalyst SD-WAN Manager instance. This vulnerability requires the multi-tenant feature to be enabled. This vulnerability is due to insufficient user session management within the Cisco Catalyst SD-WAN Manager system. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to gain unauthorized access to information about another tenant, make configuration changes, or possibly take a tenant offline causing a denial of service condition. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20254 |
CVE-2023-5184 | Two potential signed to unsigned conversion errors and buffer overflow vulnerabilities at the following locations in the Zephyr IPM drivers. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5184 |
CVE-2023-33972 | Scylladb is a NoSQL data store using the seastar framework, compatible with Apache Cassandra. Authenticated users who are authorized to create tables in a keyspace can escalate their privileges to access a table in the same keyspace, even if they don't have permissions for that table. This issue has not yet been patched. A workaround to address this issue is to disable CREATE privileges on a keyspace, and create new tables on behalf of other users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33972 |
CVE-2023-41452 | Cross Site Request Forgery vulnerability in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41452 |
CVE-2023-41450 | An issue in phpkobo AjaxNewsTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the reque parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41450 |
CVE-2023-42222 | WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42222 |
CVE-2023-38874 | A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwards, the attacker may visit the web shell and execute arbitrary commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38874 |
CVE-2023-38877 | A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once clicked, lead to an attacker-controlled server and thus leak the password reset token. This allows an attacker to reset other users' passwords. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38877 |
CVE-2023-5186 | Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5186 |
CVE-2023-5187 | Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5187 |
CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5217 |
CVE-2023-43226 | An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43226 |
CVE-2023-43740 | Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43740 |
CVE-2023-5185 | Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5185 |
CVE-2023-43014 | Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43014 |
CVE-2023-44466 | An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted length taken from a TCP packet in ceph_decode_32. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44466 |
CVE-2023-5289 | Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5289 |
CVE-2023-5269 | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5269 |
CVE-2023-5270 | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5270 |
CVE-2023-5271 | A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5271 |
CVE-2023-5272 | A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5272 |
CVE-2023-5283 | A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240911. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5283 |
CVE-2023-5284 | A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240912. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5284 |
CVE-2023-5294 | A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240925 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5294 |
CVE-2023-5301 | A vulnerability classified as critical was found in DedeCMS 5.7.111. This vulnerability affects the function AddMyAddon of the file album_add.php. The manipulation of the argument albumUploadFiles leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240940. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5301 |
CVE-2021-1273 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1273 |
CVE-2021-1274 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1274 |
CVE-2021-1279 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1279 |
CVE-2023-40448 | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. A remote attacker may be able to break out of Web Content sandbox. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-40448 |
CVE-2023-20033 | A vulnerability in Cisco IOS XE Software for Cisco Catalyst 3650 and Catalyst 3850 Series Switches could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to improper resource management when processing traffic that is received on the management interface. An attacker could exploit this vulnerability by sending a high rate of traffic to the management interface. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20033 |
CVE-2023-20176 | A vulnerability in the networking component of Cisco access point (AP) software could allow an unauthenticated, remote attacker to cause a temporary disruption of service. This vulnerability is due to overuse of AP resources. An attacker could exploit this vulnerability by connecting to an AP on an affected device as a wireless client and sending a high rate of traffic over an extended period of time. A successful exploit could allow the attacker to cause the Datagram TLS (DTLS) session to tear down and reset, causing a denial of service (DoS) condition. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20176 |
CVE-2023-23374 | Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-23374 |
CVE-2023-4972 | Improper Privilege Management vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects . | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4972 |
CVE-2023-42820 | JumpServer is an open source bastion host. This vulnerability is due to exposing the random number seed to the API, potentially allowing the randomly generated verification codes to be replayed, which could lead to password resets. If MFA is enabled, users are not affected. Users not using local authentication are also not affected. Users are advised to upgrade to either version 2.28.19 or to 3.6.5. There are no known workarounds for this issue. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-42820 |
CVE-2023-43125 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-43125 |
CVE-2023-20223 | A vulnerability in Cisco DNA Center could allow an unauthenticated, remote attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control enforcement on API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-20223 |
CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48566 |
CVE-2023-41915 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41915 |
CVE-2023-38355 | MiniTool Movie Maker 7.0 contains an insecure installation process that allows attackers to achieve remote code execution through a man in the middle attack. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38355 |
CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4853 |
CVE-2023-41333 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. An attacker with the ability to create or modify CiliumNetworkPolicy objects in a particular namespace is able to affect traffic on an entire Cilium cluster, potentially bypassing policy enforcement in other namespaces. By using a crafted `endpointSelector` that uses the `DoesNotExist` operator on the `reserved:init` label, the attacker can create policies that bypass namespace restrictions and affect the entire Cilium cluster. This includes potentially allowing or denying all traffic. This attack requires API server access, as described in the Kubernetes API Server Attacker section of the Cilium Threat Model. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. As a workaround an admission webhook can be used to prevent the use of `endpointSelectors` that use the `DoesNotExist` operator on the `reserved:init` label in CiliumNetworkPolicies. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41333 |
CVE-2023-43660 | Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under the following conditions: 1. The attacker knows the username and a valid target name 2. The attacker knows the user's public key and 3. Only SSH public key authentication is required for the user account. This issue has been addressed in version 0.8.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43660 |
CVE-2023-26145 | This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original source object. These paths can be used to target internal class attributes and dict items, to retrieve, modify or invoke nested Python objects. **Note:** The pydash.objects.invoke() method is vulnerable to Command Injection when the following prerequisites are satisfied: 1) The source object (argument 1) is not a built-in object such as list/dict (otherwise, the `__init__.__globals__` path is not accessible) 2) The attacker has control over argument 2 (the path string) and argument 3 (the argument to pass to the invoked method). The pydash.collections.invoke_map() method is also vulnerable, but is harder to exploit as the attacker does not have direct control over the argument to be passed to the invoked function. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26145 |
CVE-2017-8631 | A remote code execution vulnerability exists in Excel Services, Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Web Apps 2013, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Web App 2013 Service Pack 1, Microsoft Excel Viewer 2007 Service Pack 3, and Office Online Server when they fail to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-8630, CVE-2017-8632, and CVE-2017-8744. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-8631 |
CVE-2017-11878 | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, and Microsoft Excel Viewer 2007 Service Pack 3 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Excel Memory Corruption Vulnerability". | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2017-11878 |
CVE-2018-1027 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel, Microsoft Office. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1029. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-1027 |
CVE-2018-1029 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-0920, CVE-2018-1011, CVE-2018-1027. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-1029 |
CVE-2018-8375 | A remote code execution vulnerability exists in Microsoft Excel software when the software fails to properly handle objects in memory, aka "Microsoft Excel Remote Code Execution Vulnerability." This affects Microsoft Excel Viewer, Microsoft Office, Microsoft Excel. This CVE ID is unique from CVE-2018-8379. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-8375 |
CVE-2018-15471 | An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver allows frontends to control mapping of requests to request queues. When processing a request to set or change this mapping, some input validation (e.g., for an integer overflow) was missing or flawed, leading to OOB access in hash handling. A malicious or buggy frontend may cause the (usually privileged) backend to make out of bounds memory accesses, potentially resulting in one or more of privilege escalation, Denial of Service (DoS), or information leaks. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-15471 |
CVE-2018-16877 | A flaw was found in the way pacemaker's client-server authentication was implemented in versions up to and including 2.0.0. A local attacker could use this flaw, and combine it with other IPC weaknesses, to achieve local privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-16877 |
CVE-2019-14814 | There is a heap-based buffer overflow in the Linux kernel, all versions up to, excluding 5.3, in the Marvell wifi chip driver, that allows local users to cause a denial of service (system crash) or possibly execute arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-14814 |
CVE-2019-19377 | In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image, performing some operations, and unmounting can lead to a use-after-free in btrfs_queue_work in fs/btrfs/async-thread.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19377 |
CVE-2019-19447 | In the Linux kernel 5.0.21, mounting a crafted ext4 filesystem image, performing some operations, and unmounting can lead to a use-after-free in ext4_put_super in fs/ext4/super.c, related to dump_orphan_list in fs/ext4/super.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19447 |
CVE-2019-19448 | In the Linux kernel 5.0.21 and 5.3.11, mounting a crafted btrfs filesystem image, performing some operations, and then making a syncfs system call can lead to a use-after-free in try_merge_free_space in fs/btrfs/free-space-cache.c because the pointer to a left data structure can be the same as the pointer to a right data structure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19448 |
CVE-2019-19726 | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19726 |
CVE-2021-1052 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1052 |
CVE-2021-1260 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1260 |
CVE-2021-1261 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1261 |
CVE-2021-1262 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1262 |
CVE-2021-1263 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1263 |
CVE-2021-1076 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys or nvidia.ko) where improper access control may lead to denial of service, information disclosure, or data corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1076 |
CVE-2021-31478 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12633. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31478 |
CVE-2021-31479 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12634. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31479 |
CVE-2021-31481 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SLDPRT files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12659. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31481 |
CVE-2021-31482 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12708. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31482 |
CVE-2021-31483 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12709. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31483 |
CVE-2021-31484 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12710. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31484 |
CVE-2021-31485 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12711. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31485 |
CVE-2021-31486 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12712. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31486 |
CVE-2021-31487 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12715. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31487 |
CVE-2021-31488 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12716. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31488 |
CVE-2021-31489 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12717. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31489 |
CVE-2021-31490 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12718. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31490 |
CVE-2021-31491 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12719. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31491 |
CVE-2021-31492 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12720. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31492 |
CVE-2021-31493 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13304. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31493 |
CVE-2021-31494 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13305. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31494 |
CVE-2021-31495 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13307. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31495 |
CVE-2021-31496 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13308. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31496 |
CVE-2021-31497 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of DWG files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13311. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31497 |
CVE-2021-31499 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12745. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31499 |
CVE-2021-31500 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12746. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31500 |
CVE-2021-31502 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13673. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31502 |
CVE-2021-31507 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12653. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31507 |
CVE-2021-31508 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13306. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31508 |
CVE-2021-31509 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13309. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31509 |
CVE-2021-31510 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13675. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31510 |
CVE-2021-31511 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13676. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31511 |
CVE-2021-31512 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13677. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31512 |
CVE-2021-31513 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13678. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31513 |
CVE-2021-31514 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-13679. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31514 |
CVE-2021-31503 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IGS files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12690. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31503 |
CVE-2021-31504 | This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 (package 16.6.3.134). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-12691. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-31504 |
CVE-2021-38655 | Microsoft Excel Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-38655 |
CVE-2021-1419 | A vulnerability in the SSH management feature of multiple Cisco Access Points (APs) platforms could allow a local, authenticated user to modify files on the affected device and possibly gain escalated privileges. The vulnerability is due to improper checking on file operations within the SSH management interface. A network administrator user could exploit this vulnerability by accessing an affected device through SSH management to make a configuration change. A successful exploit could allow the attacker to gain privileges equivalent to the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1419 |
CVE-2022-20001 | fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20001 |
CVE-2022-20716 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20716 |
CVE-2022-28184 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where an unprivileged regular user can access administrator-privileged registers, which may lead to denial of service, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28184 |
CVE-2022-26634 | HMA VPN v5.3.5913.0 contains an unquoted service path which allows attackers to escalate privileges to the system level. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-26634 |
CVE-2022-20792 | A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20792 |
CVE-2022-45188 | Netatalk through 3.1.13 has an afp_getappl heap-based buffer overflow resulting in code execution via a crafted .appl file. This provides remote root access on some platforms such as FreeBSD (used for TrueNAS). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45188 |
CVE-2022-31607 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31607 |
CVE-2022-31608 | NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31608 |
CVE-2022-34670 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause truncation errors, in which casting a primitive to a primitive of smaller size causes data to be lost in the conversion, which may lead to denial of service or information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34670 |
CVE-2022-34676 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34676 |
CVE-2022-42254 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, data tampering, or information disclosure. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42254 |
CVE-2022-42255 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42255 |
CVE-2022-42256 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow in index validation may lead to denial of service, information disclosure, or data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42256 |
CVE-2022-42260 | NVIDIA vGPU Display Driver for Linux guest contains a vulnerability in a D-Bus configuration file, where an unauthorized user in the guest VM can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42260 |
CVE-2022-42261 | NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where an input index is not validated, which may lead to buffer overrun, which in turn may cause data tampering, information disclosure, or denial of service. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42261 |
CVE-2022-42264 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause the use of an out-of-range pointer offset, which may lead to data tampering, data loss, information disclosure, or denial of service. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42264 |
CVE-2022-48339 | An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48339 |
CVE-2023-0189 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0189 |
CVE-2023-0198 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where improper restriction of operations within the bounds of a memory buffer can lead to denial of service, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0198 |
CVE-2023-1579 | Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1579 |
CVE-2023-0184 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler which may lead to denial of service, escalation of privileges, information disclosure, and data tampering. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0184 |
CVE-2023-32233 | In the Linux kernel through 6.3.1, a use-after-free in Netfilter nf_tables when processing batch requests can be abused to perform arbitrary read and write operations on kernel memory. Unprivileged local users can obtain root privileges. This occurs because anonymous sets are mishandled. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32233 |
CVE-2023-36874 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36874 |
CVE-2022-38076 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an authenticated user to potentially enable escalation of privilege via local access. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-38076 |
CVE-2023-4752 | Use After Free in GitHub repository vim/vim prior to 9.0.1858. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4752 |
CVE-2023-4781 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4781 |
CVE-2023-38139 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38139 |
CVE-2023-36658 | An issue was discovered in OPSWAT MetaDefender KIOSK 4.6.1.9996. It has an unquoted service path that can be abused locally. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36658 |
CVE-2023-4088 | Incorrect Default Permissions vulnerability due to incomplete fix to address CVE-2020-14496 in Mitsubishi Electric Corporation FA engineering software products allows a malicious local attacker to execute malicious code, which could result in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. However, if the mitigated version described in the advisory for CVE-2020-14496 is used and installed in the default installation folder, this vulnerability does not affect the products. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4088 |
CVE-2023-43637 | Due to the implementation of "deriveVaultKey", prior to version 7.10, the generated vault key would always have the last 16 bytes predetermined to be "arfoobarfoobarfo". This issue happens because "deriveVaultKey" calls "retrieveCloudKey" (which will always return "foobarfoobarfoobarfoobarfoobarfo" as the key), and then merges the 32-byte randomly generated key with this key (by taking 16 bytes from each, see "mergeKeys"). This makes the key a lot weaker. This issue does not persist in devices that were initialized on/after version 7.10, but devices that were initialized before that and updated to a newer version still have this issue. Roll an update that enforces the full 32-byte key usage. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43637 |
CVE-2023-41992 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41992 |
CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4504 |
CVE-2023-40581 | yt-dlp is a youtube-dl fork with additional features and fixes. yt-dlp allows the user to provide shell command lines to be executed at various stages in its download steps through the `--exec` flag. This flag allows output template expansion in its argument, so that metadata values may be used in the shell commands. The metadata fields can be combined with the `%q` conversion, which is intended to quote/escape these values so they can be safely passed to the shell. However, the escaping used for `cmd` (the shell used by Python's `subprocess` on Windows) does not properly escape special characters, which can allow for remote code execution if `--exec` is used directly with maliciously crafted remote data. This vulnerability only impacts `yt-dlp` on Windows, and the vulnerability is present regardless of whether `yt-dlp` is run from `cmd` or from `PowerShell`. Support for output template expansion in `--exec`, along with this vulnerable behavior, was added to `yt-dlp` in version 2021.04.11. yt-dlp version 2023.09.24 fixes this issue by properly escaping each special character. `\n` will be replaced by `\r` as no way of escaping it has been found. It is recommended to upgrade yt-dlp to version 2023.09.24 as soon as possible. Also, always be careful when using `--exec`, because while this specific vulnerability has been patched, using unvalidated input in shell commands is inherently dangerous. For Windows users who are not able to upgrade: 1. Avoid using any output template expansion in `--exec` other than `{}` (filepath). 2. If expansion in `--exec` is needed, verify the fields you are using do not contain `"`, `|` or `&`. 3. Instead of using `--exec`, write the info json and load the fields from it instead. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40581 |
CVE-2023-42753 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This issue may allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42753 |
CVE-2023-32377 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32377 |
CVE-2023-32396 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32396 |
CVE-2023-32541 | A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32541 |
CVE-2023-38615 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38615 |
CVE-2023-40409 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40409 |
CVE-2023-40412 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40412 |
CVE-2023-40419 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40419 |
CVE-2023-40431 | The issue was addressed with improved memory handling. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40431 |
CVE-2023-40432 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40432 |
CVE-2023-40443 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40443 |
CVE-2023-41063 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41063 |
CVE-2023-41068 | An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7. A user may be able to elevate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41068 |
CVE-2023-41071 | A use-after-free issue was addressed with improved memory management. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Ventura 13.6. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41071 |
CVE-2023-41174 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41174 |
CVE-2023-41984 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41984 |
CVE-2023-41995 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41995 |
CVE-2023-42486 | Fortect - CWE-428: Unquoted Search Path or Element, may be used by local user to elevate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42486 |
CVE-2023-43825 | Relative path traversal vulnerability in Shihonkanri Plus Ver9.0.3 and earlier allows a local attacker to execute arbitrary code by having a legitimate user import a specially crafted backup file of the product. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43825 |
CVE-2023-44122 | The vulnerability leads to theft of arbitrary files with system privilege in the LockScreenSettings ("com.lge.lockscreensettings") app in the "com/lge/lockscreensettings/dynamicwallpaper/MyCategoryGuideActivity.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The LockScreenSettings app copies the received file to the "/data/shared/dw/mycategory/wallpaper_01.png" path and then changes the file access mode to world-readable and world-writable. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44122 |
CVE-2023-44123 | The vulnerability is the use of implicit PendingIntents with the PendingIntent.FLAG_MUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Bluetooth ("com.lge.bluetoothsetting") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44123 |
CVE-2023-44125 | The vulnerability is the use of implicit PendingIntents without the PendingIntent.FLAG_IMMUTABLE set that leads to theft and/or (over-)write of arbitrary files with system privilege in the Personalized service ("com.lge.abba") app. The attacker's app, if it had access to app notifications, could intercept them and redirect them to its activity, before making it grant access permissions to content providers with the `android:grantUriPermissions="true"` flag. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44125 |
CVE-2023-44157 | Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 35979. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44157 |
CVE-2023-5197 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. Addition and removal of rules from chain bindings within the same transaction leads to use-after-free. We recommend upgrading past commit f15f29fd4779be8a418b66e9d52979bb6d6c2325. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5197 |
CVE-2023-32458 | Dell AppSync, versions 4.4.0.0 to 4.6.0.0 including Service Pack releases, contains an improper access control vulnerability in Embedded Service Enabler component. A local malicious user could potentially exploit this vulnerability during installation leading to a privilege escalation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32458 |
CVE-2023-41444 | An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41444 |
CVE-2023-40307 | An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow reading or modification of data. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40307 |
CVE-2023-40375 | Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating system. IBM X-Force ID: 263580. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40375 |
CVE-2023-44464 | pretix before 2023.7.2 allows Pillow to parse EPS files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44464 |
CVE-2023-32477 | Dell Common Event Enabler 8.9.8.2 for Windows and prior contains an improper access control vulnerability. A local low-privileged malicious user may potentially exploit this vulnerability to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32477 |
CVE-2022-4956 | A vulnerability classified as critical has been found in Caphyon Advanced Installer 19.7. This affects an unknown part of the component WinSxS DLL Handler. The manipulation leads to uncontrolled search path. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Upgrading to version 19.7.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-240903. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-4956 |
CVE-2023-43907 | OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43907 |
CVE-2018-1000026 | Linux kernel version at least v4.8 onwards, probably well before, contains an insufficient input validation vulnerability in the bnx2x network card driver that can result in DoS: network card firmware assertion takes card off-line. This attack appears to be exploitable via An attacker on a must pass a very large, specially crafted packet to the bnx2x card. This can be done from an untrusted guest VM. | 7.7 | https://nvd.nist.gov/vuln/detail/CVE-2018-1000026 |
CVE-2018-7998 | In libvips before 8.6.3, a NULL function pointer dereference vulnerability was found in the vips_region_generate function in region.c, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted image file. This occurs because of a race condition involving a failed delayed load and other worker threads. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-7998 |
CVE-2019-3885 | A use-after-free flaw was found in pacemaker up to and including version 2.0.1 which could result in certain sensitive information to be leaked via the system logs. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-3885 |
CVE-2019-17075 | An issue was discovered in write_tpt_entry in drivers/infiniband/hw/cxgb4/mem.c in the Linux kernel through 5.3.2. The cxgb4 driver is directly calling dma_map_single (a DMA function) from a stack variable. This could allow an attacker to trigger a Denial of Service, exploitable if this driver is used on an architecture for which this stack/DMA interaction has security relevance. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-17075 |
CVE-2020-8893 | An issue was discovered in MISP before 2.4.121. The Galaxy view contained an incorrectly sanitized search string in app/View/Galaxies/view.ctp. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8893 |
CVE-2021-1278 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1278 |
CVE-2021-1241 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1241 |
CVE-2021-43618 | GNU Multiple Precision Arithmetic Library (GMP) through 6.2.1 has an mpz/inp_raw.c integer overflow and resultant buffer overflow via crafted input, leading to a segmentation fault on 32-bit platforms. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-43618 |
CVE-2021-41039 | In versions 1.6 to 2.0.11 of Eclipse Mosquitto, an MQTT v5 client connecting with a large number of user-property properties could cause excessive CPU usage, leading to a loss of performance and possible denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-41039 |
CVE-2021-44725 | KNIME Server before 4.13.4 allows directory traversal in a request for a client profile. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44725 |
CVE-2022-20698 | A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20698 |
CVE-2020-13677 | Under some circumstances, the Drupal core JSON:API module does not properly restrict access to certain content, which may result in unintended access bypass. Sites that do not have the JSON:API module enabled are not affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13677 |
CVE-2022-0711 | A flaw was found in the way HAProxy processed HTTP responses containing the "Set-Cookie2" header. This flaw could allow an attacker to send crafted HTTP response packets which lead to an infinite loop, eventually resulting in a denial of service condition. The highest threat from this vulnerability is availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-0711 |
CVE-2022-20770 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20770 |
CVE-2022-20771 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20771 |
CVE-2022-20785 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20785 |
CVE-2022-1453 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-util.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.5. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1453 |
CVE-2022-1505 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to missing SQL escaping and parameterization on user supplied data passed to a SQL query in the rsvpmaker-api-endpoints.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to and including 9.2.6. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1505 |
CVE-2022-1768 | The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2. Please note that this is separate from CVE-2022-1453 & CVE-2022-1505. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-1768 |
CVE-2022-39028 | telnetd in GNU Inetutils through 2.3, MIT krb5-appl through 1.0.3, and derivative works has a NULL pointer dereference via 0xff 0xf7 or 0xff 0xf8. In a typical installation, the telnetd application would crash but the telnet service would remain available through inetd. However, if the telnetd application has many crashes within a short time interval, the telnet service would become unavailable after inetd logs a "telnet/tcp server failing (looping), service terminated" error. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-39028 |
CVE-2022-46285 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46285 |
CVE-2023-0705 | Integer overflow in Core in Google Chrome prior to 110.0.5481.77 allowed a remote attacker who had won a race condition to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Low) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0705 |
CVE-2022-20803 | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20803 |
CVE-2023-2135 | Use after free in DevTools in Google Chrome prior to 112.0.5615.137 allowed a remote attacker who convinced a user to enable specific preconditions to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2135 |
CVE-2023-29350 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29350 |
CVE-2022-47185 | Improper input validation vulnerability on the range header in Apache Software Foundation Apache Traffic Server. This issue affects Apache Traffic Server: through 9.2.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47185 |
CVE-2022-48560 | A use-after-free exists in Python through 3.9 via heappushpop in heapq. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48560 |
CVE-2023-1995 | Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Additional Function, HiRDB Structured Data Access Facility. This issue affects HiRDB Server: before 09-60-39, before 09-65-23, before 09-66-17, before 10-01-10, before 10-03-12, before 10-04-06, before 10-05-06, before 10-06-02; HiRDB Server With Additional Function: before 09-60-2M, before 09-65-/W, before 09-66-/Q; HiRDB Structured Data Access Facility: before 09-60-39, before 10-03-12, before 10-04-06, before 10-06-02. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1995 |
CVE-2023-20900 | A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20900 |
CVE-2023-28366 | The broker in Eclipse Mosquitto 1.3.2 through 2.x before 2.0.16 has a memory leak that can be abused remotely when a client sends many QoS 2 messages with duplicate message IDs, and fails to respond to PUBREC commands. This occurs because of mishandling of EAGAIN from the libc send function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28366 |
CVE-2023-4844 | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been classified as critical. This affects an unknown part of the file club_edit_query.php. The manipulation of the argument club_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239253 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4844 |
CVE-2023-4846 | A vulnerability was found in SourceCodester Simple Membership System 1.0. It has been rated as critical. This issue affects some unknown processing of the file delete_member.php. The manipulation of the argument mem_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-239255. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4846 |
CVE-2023-41081 | Important: Authentication Bypass CVE-2023-41081. In some circumstances, such as when a configuration included "JkOptions +ForwardDirectories" but the configuration did not provide explicit mounts for all possible proxied requests, the mod_jk component of Apache Tomcat Connectors would use an implicit mapping and map the request to the first defined worker. Such an implicit mapping could result in the unintended exposure of the status worker and/or bypass security constraints configured in httpd. As of JK 1.2.49, the implicit mapping functionality has been removed and all mappings must now be via explicit configuration. Only mod_jk is affected by this issue. The ISAPI redirector is not affected. This issue affects Apache Tomcat Connectors (mod_jk only): from 1.2.0 through 1.2.48. Users are recommended to upgrade to version 1.2.49, which fixes the issue. History: 2023-09-13 Original advisory; 2023-09-28 Updated summary. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41081 |
CVE-2023-38039 | When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38039 |
CVE-2023-3341 | The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key; only network access to the control channel's configured TCP port is necessary. This issue affects BIND 9 versions 9.2.0 through 9.16.43, 9.18.0 through 9.18.18, 9.19.0 through 9.19.16, 9.9.3-S1 through 9.16.43-S1, and 9.18.0-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3341 |
CVE-2023-4236 | A flaw in the networking code handling DNS-over-TLS queries may cause `named` to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. This issue affects BIND 9 versions 9.18.0 through 9.18.18 and 9.18.11-S1 through 9.18.18-S1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4236 |
CVE-2023-43669 | The Tungstenite crate before 0.20.1 for Rust allows remote attackers to cause a denial of service (minutes of CPU consumption) via an excessive length of an HTTP header in a client handshake. The length affects both how many times a parse is attempted (e.g., thousands of times) and the average amount of data for each parse attempt (e.g., millions of bytes). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43669 |
CVE-2023-5156 | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5156 |
CVE-2022-4244 | A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4244 |
CVE-2022-48606 | Stability-related vulnerability in the binder background management and control module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48606 |
CVE-2023-0456 | A flaw was found in APICast, when 3Scale's OIDC module does not properly evaluate the response to a mismatched token from a separate realm. This could allow a separate realm to be accessible to an attacker, permitting access to unauthorized information. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0456 |
CVE-2023-3223 | A flaw was found in undertow. Servlets annotated with @MultipartConfig may cause an OutOfMemoryError due to large multipart content. This may allow unauthorized users to cause remote Denial of Service (DoS) attack. If the server uses fileSizeThreshold to limit the file size, it's possible to bypass the limit by setting the file name in the request to null. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3223 |
CVE-2023-40407 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Sonoma 14. A remote attacker may be able to cause a denial-of-service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40407 |
CVE-2023-41305 | Vulnerability of 5G messages being sent without being encrypted in a VPN environment in the SMS message module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41305 |
CVE-2023-41307 | Memory overwriting vulnerability in the security module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41307 |
CVE-2023-41308 | Screenshot vulnerability in the input module. Successful exploitation of this vulnerability may affect confidentiality. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41308 |
CVE-2023-41309 | Permission control vulnerability in the MediaPlaybackController module. Successful exploitation of this vulnerability may affect availability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41309 |
CVE-2023-42460 | Vyper is a Pythonic Smart Contract Language for the EVM. The `_abi_decode()` function does not validate input when it is nested in an expression. Uses of `_abi_decode()` can be constructed which allow for bounds checking to be bypassed resulting in incorrect results. This issue has not yet been fixed, but a fix is expected in release `0.3.10`. Users are advised to reference pull request #3626. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42460 |
CVE-2023-42487 | Soundminer – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42487 |
CVE-2023-43381 | SQL Injection vulnerability in Tianchoy Blog v.1.8.8 allows a remote attacker to obtain sensitive information via the id parameter in the login.php | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43381 |
CVE-2023-43646 | get-func-name is a module to retrieve a function's name securely and consistently both in NodeJS and the browser. Versions prior to 2.0.1 are subject to a regular expression denial of service (redos) vulnerability which may lead to a denial of service when parsing malicious input. This vulnerability can be exploited when there is an imbalance in parentheses, which results in excessive backtracking and subsequently increases the CPU load and processing time significantly. This vulnerability can be triggered using the following input: '\\t'.repeat(54773) + '\\t/function/i'. This issue has been addressed in commit `f934b228b` which has been included in releases from 2.0.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43646 |
CVE-2023-43856 | Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the component /admin/TemplateController.java. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43856 |
CVE-2023-44153 | Sensitive information disclosure due to cleartext storage of sensitive information in memory. The following products are affected: Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44153 |
CVE-2023-44155 | Sensitive information leak through log files. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44155 |
CVE-2023-44156 | Sensitive information disclosure due to spell-jacking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44156 |
CVE-2023-44158 | Sensitive information disclosure due to insufficient token field masking. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44158 |
CVE-2023-44159 | Sensitive information disclosure due to cleartext storage of sensitive information. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44159 |
CVE-2023-5157 | A vulnerability was found in MariaDB. An OpenVAS port scan on ports 3306 and 4567 allows a malicious remote client to cause a denial of service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5157 |
CVE-2023-5173 | In a non-standard configuration of Firefox, an integer overflow could have occurred based on network traffic (possibly under influence of a local unprivileged webpage), leading to an out-of-bounds write to privileged process memory. *This bug only affects Firefox if a non-standard preference allowing non-HTTPS Alternate Services (`network.http.altsvc.oe`) is enabled.* This vulnerability affects Firefox < 118. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5173 |
CVE-2023-4129 | Dell Data Protection Central, version 19.9, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4129 |
CVE-2023-20034 | Vulnerability in the Elasticsearch database used in Cisco SD-WAN vManage software could allow an unauthenticated, remote attacker to access the Elasticsearch configuration database of an affected device with the privileges of the elasticsearch user. This vulnerability is due to the presence of a static username and password configured on the vManage. An attacker could exploit this vulnerability by sending a crafted HTTP request to a reachable vManage on port 9200. A successful exploit could allow the attacker to view the Elasticsearch database content. There are workarounds that address this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20034 |
CVE-2023-20262 | A vulnerability in the SSH service of Cisco Catalyst SD-WAN Manager could allow an unauthenticated, remote attacker to cause a process crash, resulting in a DoS condition for SSH access only. This vulnerability does not prevent the system from continuing to function, and web UI access is not affected. This vulnerability is due to insufficient resource management when an affected system is in an error condition. An attacker could exploit this vulnerability by sending malicious traffic to the affected system. A successful exploit could allow the attacker to cause the SSH process to crash and restart, resulting in a DoS condition for the SSH service. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20262 |
CVE-2023-43314 | Buffer Overflow vulnerability in ZYXEL ZYXEL v.PMG2005-T20B allows a remote attacker to cause a denial of service via a crafted script to the uid parameter in the cgi-bin/login.asp component. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43314 |
CVE-2023-43860 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43860 |
CVE-2023-43861 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43861 |
CVE-2023-43862 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43862 |
CVE-2023-43863 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43863 |
CVE-2023-43864 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43864 |
CVE-2023-43865 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43865 |
CVE-2023-43866 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43866 |
CVE-2023-43867 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43867 |
CVE-2023-43868 | D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43868 |
CVE-2023-43044 | IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43044 |
CVE-2023-4316 | Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4316 |
CVE-2023-5077 | The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5077 |
CVE-2023-30591 | Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object type for the event name respectively. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30591 |
CVE-2023-3917 | Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3917 |
CVE-2023-3413 | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fork created before changing visibility to only project members. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3413 |
CVE-2023-39410 | When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39410 |
CVE-2023-5285 | A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-240913 was assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5285 |
CVE-2023-5318 | Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5318 |
CVE-2023-5298 | A vulnerability was found in Tongda OA 2017. It has been rated as critical. Affected by this issue is some unknown functionality of the file general/hr/recruit/requirements/delete.php. The manipulation of the argument REQUIREMENTS_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. VDB-240938 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5298 |
CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44488 |
CVE-2023-5329 | A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used. VDB-241030 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5329 |
CVE-2023-32820 | In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32820 |
CVE-2023-5170 | In canvas rendering, a compromised content process could have caused a surface to change unexpectedly, leading to a memory leak of a privileged process. This memory leak could be used to effect a sandbox escape if the correct data was leaked. This vulnerability affects Firefox < 118. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5170 |
CVE-2023-43650 | JumpServer is an open source bastion host. The verification code for resetting a user's password is vulnerable to brute-force attacks due to the absence of rate limiting. JumpServer provides a feature allowing users to reset forgotten passwords. Affected users are sent a 6-digit verification code, ranging from 000000 to 999999, to facilitate the password reset. Although the code is only available for 1 minute, this window potentially allows for up to 1,000,000 validation attempts. This issue has been addressed in versions 2.28.20 and 3.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43650 |
CVE-2022-34673 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an out-of-bounds array access may lead to denial of service, information disclosure, or data tampering. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-34673 |
CVE-2022-42257 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure, data tampering or denial of service. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-42257 |
CVE-2022-42258 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service, data tampering, or information disclosure. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-42258 |
CVE-2022-48338 | An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-48338 |
CVE-2019-12868 | app/Model/Server.php in MISP 2.4.109 allows remote command execution by a super administrator because the PHP file_exists function is used with user-controlled entries, and phar:// URLs trigger deserialization. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2019-12868 |
CVE-2020-25654 | An ACL bypass flaw was found in pacemaker. An attacker having a local account on the cluster and in the haclient group could use IPC communication with various daemons directly to perform certain tasks that they would be prevented by ACLs from doing if they went through the configuration. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-25654 |
CVE-2023-27320 | Sudo before 1.9.13p2 has a double free in the per-command chroot feature. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-27320 |
CVE-2023-3120 | A vulnerability, which was classified as critical, was found in SourceCodester Service Provider Management System 1.0. This affects an unknown part of the file view_service.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-230799. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-3120 |
CVE-2023-29095 | Auth. (admin+) SQL Injection (SQLi) vulnerability in David F. Carr RSVPMaker plugin < 10.5.5 versions. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-29095 |
CVE-2023-39377 | SiberianCMS - CWE-434: Unrestricted Upload of File with Dangerous Type - A malicious user with administrative privileges may be able to upload a dangerous filetype via an unspecified method | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39377 |
CVE-2023-40046 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-40046 |
CVE-2023-40219 | Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-40219 |
CVE-2023-44044 | Super Store Finder v3.6 and below was discovered to contain a SQL injection vulnerability via the Search parameter at /admin/stores.php. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-44044 |
CVE-2023-44047 | Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-44047 |
CVE-2021-1056 | NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidia.ko) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1056 |
CVE-2021-1090 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for control calls where the software reads or writes to a buffer by using an index or pointer that references a memory location after the end of the buffer, which may lead to data tampering or denial of service. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1090 |
CVE-2021-3752 | A use-after-free flaw was found in the Linux kernel’s Bluetooth subsystem in the way user calls connect to the socket and disconnect simultaneously due to a race condition. This flaw allows a user to crash the system or escalate their privileges. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-3752 |
CVE-2021-4156 | An out-of-bounds read flaw was found in libsndfile's FLAC codec functionality. An attacker who is able to submit a specially crafted file (via tricking a user to open or otherwise) to an application linked with libsndfile and using the FLAC codec, could trigger an out-of-bounds read that would most likely cause a crash but could potentially leak memory information that could be used in further exploitation of other flaws. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-4156 |
CVE-2022-28183 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause an out-of-bounds read, which may lead to denial of service and information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28183 |
CVE-2022-28185 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the ECC layer, where an unprivileged regular user can cause an out-of-bounds write, which may lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-28185 |
CVE-2022-34677 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged regular user can cause an integer to be truncated, which may lead to denial of service or data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34677 |
CVE-2022-34684 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an off-by-one error may lead to data tampering or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-34684 |
CVE-2022-42263 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an Integer overflow may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-42263 |
CVE-2022-42265 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to information disclosure or data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-42265 |
CVE-2023-0180 | NVIDIA GPU Display Driver for Linux contains a vulnerability in a kernel mode layer handler, which may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0180 |
CVE-2023-0181 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in a kernel mode layer handler, where memory permissions are not correctly checked, which may lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0181 |
CVE-2023-0183 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer where an out-of-bounds write can lead to denial of service and data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0183 |
CVE-2023-0185 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where sign conversion issues casting an unsigned primitive to signed may lead to denial of service or information disclosure. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0185 |
CVE-2023-0191 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds access may lead to denial of service or data tampering. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0191 |
CVE-2023-30630 | Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30630 |
CVE-2023-2460 | Insufficient validation of untrusted input in Extensions in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to bypass file access checks via a crafted HTML page. (Chromium security severity: Medium) | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2460 |
CVE-2023-3141 | A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3141 |
CVE-2023-3567 | A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3567 |
CVE-2021-29390 | libjpeg-turbo version 2.0.90 has a heap-based buffer over-read (2 bytes) in decompress_smooth_data in jdcoefct.c. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-29390 |
CVE-2023-40452 | The issue was addressed with improved bounds checks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to overwrite arbitrary files. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40452 |
CVE-2023-40454 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to delete files for which it does not have permission. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40454 |
CVE-2023-43124 | BIG-IP APM clients may send IP traffic outside of the VPN tunnel. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43124 |
CVE-2023-3922 | An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3922 |
CVE-2014-9940 | The regulator_ena_gpio_free function in drivers/regulator/core.c in the Linux kernel before 3.19 allows local users to gain privileges or cause a denial of service (use-after-free) via a crafted application. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2014-9940 |
CVE-2022-34674 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where a helper function maps more physical pages than were requested, which may lead to undefined behavior or an information leak. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-34674 |
CVE-2023-4003 | One Identity Password Manager version 5.9.7.1 - An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4003 |
CVE-2022-27635 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-27635 |
CVE-2022-40964 | Improper access control for some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-40964 |
CVE-2022-46329 | Protection mechanism failure for some Intel(R) PROSet/Wireless WiFi software may allow a privileged user to potentially enable escalation of privilege via local access. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-46329 |
CVE-2023-34043 | VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-34043 |
CVE-2023-32821 | In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32821 |
CVE-2023-32822 | In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32822 |
CVE-2023-32823 | In rpmb, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912966. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32823 |
CVE-2023-32824 | In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32824 |
CVE-2023-32826 | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32826 |
CVE-2023-32827 | In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32827 |
CVE-2023-32828 | In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07767817. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32828 |
CVE-2023-32829 | In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALPS07713478. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32829 |
CVE-2023-32830 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-32830 |
CVE-2023-37941 | If an attacker gains write access to the Apache Superset metadata database, they could persist a specifically crafted Python object that may lead to remote code execution on Superset's web backend. The Superset metadata db is an 'internal' component that is typically only accessible directly by the system administrator and the superset process itself. Gaining access to that database should be difficult and require significant privileges. This vulnerability impacts Apache Superset versions 1.5.0 up to and including 2.1.0. Users are recommended to upgrade to version 2.1.1 or later. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-37941 |
CVE-2018-12207 | Improper invalidation for page table updates by a virtual guest operating system for multiple Intel(R) Processors may allow an authenticated user to potentially enable denial of service of the host system via local access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-12207 |
CVE-2020-8894 | An issue was discovered in MISP before 2.4.121. ACLs for discussion threads were mishandled in app/Controller/ThreadsController.php and app/Model/Thread.php. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-8894 |
CVE-2021-1304 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1304 |
CVE-2020-28463 | All versions of package reportlab are vulnerable to Server-side Request Forgery (SSRF) via img tags. In order to reduce risk, use trustedSchemes & trustedHosts (see in Reportlab's documentation). Steps to reproduce by Karan Bamal: 1. Download and install the latest package of reportlab 2. Go to demos -> odyssey -> dodyssey 3. In the text file odyssey.txt that needs to be converted to pdf inject <img src="http://127.0.0.1:5000" valign="top"/> 4. Create a nc listener nc -lp 5000 5. Run python3 dodyssey.py 6. You will get a hit on your nc showing we have successfully proceeded to send a server side request 7. dodyssey.py will show error since there is no img file on the url, but we are able to do SSRF | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-28463 |
CVE-2021-27847 | Division-By-Zero vulnerability in Libvips 8.10.5 in the function vips_eye_point, eye.c#L83, and function vips_mask_point, mask.c#L85. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-27847 |
CVE-2022-36087 | OAuthLib is an implementation of the OAuth request-signing logic for Python 3.6+. In OAuthLib versions 3.1.1 until 3.2.1, an attacker providing a malicious redirect URI can cause denial of service. An attacker can also leverage usage of `uri_validate` functions depending where it is used. OAuthLib applications using OAuth2.0 provider support or use directly `uri_validate` are affected by this issue. Version 3.2.1 contains a patch. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36087 |
CVE-2022-26047 | Improper input validation for some Intel(R) PROSet/Wireless WiFi, Intel vPro(R) CSME WiFi and Killer(TM) WiFi products may allow an unauthenticated user to potentially enable denial of service via local access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-26047 |
CVE-2022-34665 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34665 |
CVE-2023-0697 | Inappropriate implementation in Full screen mode in Google Chrome on Android prior to 110.0.5481.77 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: High) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0697 |
CVE-2023-0700 | Inappropriate implementation in Download in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to potentially spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0700 |
CVE-2023-0704 | Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0704 |
CVE-2023-1813 | Inappropriate implementation in Extensions in Google Chrome prior to 112.0.5615.49 allowed an attacker who convinced a user to install a malicious extension to bypass file access restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1813 |
CVE-2023-1814 | Insufficient validation of untrusted input in Safe Browsing in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass download checking via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1814 |
CVE-2023-1816 | Incorrect security UI in Picture In Picture in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially perform navigation spoofing via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1816 |
CVE-2023-1817 | Insufficient policy enforcement in Intents in Google Chrome on Android prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1817 |
CVE-2023-1819 | Out of bounds read in Accessibility in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1819 |
CVE-2023-1821 | Inappropriate implementation in WebShare in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to potentially hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1821 |
CVE-2023-1822 | Incorrect security UI in Navigation in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1822 |
CVE-2023-1823 | Inappropriate implementation in FedCM in Google Chrome prior to 112.0.5615.49 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1823 |
CVE-2023-2459 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to bypass permission restrictions via a crafted HTML page. (Chromium security severity: Medium) | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2459 |
CVE-2023-1972 | A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1972 |
CVE-2023-3396 | A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-232351. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3396 |
CVE-2022-36351 | Improper input validation in some Intel(R) PROSet/Wireless WiFi and Killer(TM) WiFi software may allow an unauthenticated user to potentially enable denial of service via adjacent access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-36351 |
CVE-2020-36023 | An issue was discovered in freedesktop poppler version 20.12.1 that allows remote attackers to cause a denial of service (DoS) via a crafted .pdf file to FoFiType1C::cvtGlyph function. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-36023 |
CVE-2020-19189 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via a crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19189 |
CVE-2022-48564 | read_ints in plistlib.py in Python through 3.9.1 is vulnerable to a potential DoS attack via CPU and RAM exhaustion when processing malformed Apple Property List files in binary format. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48564 |
CVE-2023-41040 | GitPython is a Python library used to interact with Git repositories. In order to resolve some git references, GitPython reads files from the `.git` directory. In some places the name of the file being read is provided by the user, and GitPython doesn't check if this file is located outside the `.git` directory. This allows an attacker to make GitPython read any file from the system. This vulnerability is present in https://github.com/gitpython-developers/GitPython/blob/1c8310d7cae144f74a671cbe17e51f63a830adbf/git/refs/symbolic.py#L174-L175. That code joins the base directory with a user given string without checking if the final path is located outside the base directory. This vulnerability cannot be used to read the contents of files but could in theory be used to trigger a denial of service for the program. This issue has not yet been addressed. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41040 |
CVE-2023-4874 | Null pointer dereference when viewing a specially crafted email in Mutt >1.5.2 <2.2.12 | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4874 |
CVE-2023-43256 | A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43256 |
CVE-2023-23958 | Symantec Protection Engine, prior to 9.1.0, may be susceptible to a Hash Leak vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23958 |
CVE-2023-39233 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may disclose sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39233 |
CVE-2023-39376 | SiberianCMS - CWE-284 Improper Access Control. Authorized user may disable a security feature over the network. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39376 |
CVE-2023-40048 | In WS_FTP Server version prior to 8.8.2, the WS_FTP Server Manager interface was missing cross-site request forgery (CSRF) protection on a POST transaction corresponding to a WS_FTP Server administrative function. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40048 |
CVE-2023-40403 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may disclose sensitive information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40403 |
CVE-2023-40420 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40420 |
CVE-2023-40441 | A resource exhaustion issue was addressed with improved input validation. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to a denial-of-service. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40441 |
CVE-2023-41321 | GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. An API user can enumerate sensitive fields values on resources on which he has read access. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41321 |
CVE-2023-44160 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44160 |
CVE-2023-44161 | Sensitive information manipulation due to cross-site request forgery. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44161 |
CVE-2023-4506 | The Active Directory Integration / LDAP Integration plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 4.1.10. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4506 |
CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5169 |
CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5171 |
CVE-2023-5192 | Excessive Data Query Operations in a Large Data Table in GitHub repository pimcore/demo prior to 10.3.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5192 |
CVE-2023-42822 | xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42822 |
CVE-2023-38873 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38873 |
CVE-2023-43323 | mooSocial 3.1.8 is vulnerable to external service interaction on post function. When executed, the server sends an HTTP and DNS request to an external server. The parameters affected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[userShareLink]. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43323 |
CVE-2023-5196 | Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming temporarily unavailable for its users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5196 |
CVE-2023-5293 | A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240924. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5293 |
CVE-2023-5232 | The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5232 |
CVE-2023-5233 | The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5233 |
CVE-2023-5295 | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5295 |
CVE-2023-5334 | The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5334 |
CVE-2023-44121 | The vulnerability is an intent redirection in LG ThinQ Service ("com.lge.lms2") in the "com/lge/lms/things/ui/notification/NotificationManager.java" file. This vulnerability could be exploited by a third-party app installed on an LG device by sending a broadcast with the action "com.lge.lms.things.notification.ACTION". Additionally, this vulnerability is very dangerous because LG ThinQ Service is a system app (having android:sharedUserId="android.uid.system" setting). Intent redirection in this app leads to accessing arbitrary not exported activities of absolutely all apps. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44121 |
CVE-2018-11245 | app/webroot/js/misp.js in MISP 2.4.91 has a DOM based XSS with cortex type attributes. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2018-11245 |
CVE-2020-9405 | IBL Online Weather before 4.3.5a allows unauthenticated reflected XSS via the redirect page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-9405 |
CVE-2020-29239 | Online Birth Certificate System Project V 1.0 is affected by cross-site scripting (XSS). This vulnerability can result in an attacker injecting the XSS payload in the User Registration section. When an admin visits the View Detail of Application section from the admin panel, the attacker is able to steal the cookie according to the crafted payload. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-29239 |
CVE-2021-1094 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape where an out of bounds array access may lead to denial of service or information disclosure. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-1094 |
CVE-2021-44726 | KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2021-44726 |
CVE-2022-25317 | An issue was discovered in Cerebrate through 1.4. genericForm allows reflected XSS in form descriptions via a user-controlled description. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25317 |
CVE-2022-1822 | The Zephyr Project Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘project’ parameter in versions up to, and including, 3.2.40 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-1822 |
CVE-2023-1688 | A vulnerability classified as problematic has been found in SourceCodester Earnings and Expense Tracker App 1.0. This affects an unknown part of the file Master.php?a=save_expense. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-224307. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1688 |
CVE-2022-27665 | Reflected XSS (via AngularJS sandbox escape expressions) exists in Progress Ipswitch WS_FTP Server 8.6.0. This can lead to execution of malicious code and commands on the client due to improper handling of user-provided input. By inputting malicious payloads in the subdirectory searchbar or Add folder filename boxes, it is possible to execute client-side commands. For example, there is Client-Side Template Injection via subFolderPath to the ThinClient/WtmApiService.asmx/GetFileSubTree URI. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-27665 |
CVE-2023-0199 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds write can lead to denial of service and data tampering. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0199 |
CVE-2023-28286 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28286 |
CVE-2023-2624 | The KiviCare WordPress plugin before 3.2.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as administrator | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2624 |
CVE-2023-3660 | A vulnerability was found in Campcodes Retro Cellphone Online Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/add_user_modal.php. The manipulation of the argument un leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-234014 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-3660 |
CVE-2023-37988 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Creative Solutions Contact Form Generator plugin <= 2.5.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-37988 |
CVE-2023-40755 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40755 |
CVE-2022-4137 | A reflected cross-site scripting (XSS) vulnerability was found in the 'oob' OAuth endpoint due to incorrect null-byte handling. This issue allows a malicious link to insert an arbitrary URI into a Keycloak error page. This flaw requires a user or administrator to interact with a link in order to be vulnerable. This may compromise user details, allowing it to be changed or collected by an attacker. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-4137 |
CVE-2023-43326 | A reflected cross-site scripting (XSS) vulnerability exists in multiple URLs of mooSocial v3.1.8, allowing attackers to steal a user's session cookies and impersonate their account via a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43326 |
CVE-2023-27616 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27616 |
CVE-2023-28490 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Estatik Estatik Mortgage Calculator plugin <= 2.0.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28490 |
CVE-2023-30471 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cornel Raiu WP Search Analytics plugin <= 1.4.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30471 |
CVE-2023-30472 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MyThemeShop URL Shortener by MyThemeShop plugin <= 1.0.17 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30472 |
CVE-2023-30493 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Themefic Ultimate Addons for Contact Form 7 plugin <= 3.2.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30493 |
CVE-2023-30961 | Palantir Gotham was found to be vulnerable to a bug where under certain circumstances, the frontend could have applied an incorrect classification to a newly created property or link. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-30961 |
CVE-2023-40045 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40045 |
CVE-2023-40330 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Milan Petrovic GD Security Headers plugin <= 1.6.1 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40330 |
CVE-2023-40333 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Qode Interactive Bridge Core plugin <= 3.0.9 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40333 |
CVE-2023-40663 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Rextheme WP VR plugin <= 8.3.4 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40663 |
CVE-2023-40664 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in RedNao Donations Made Easy – Smart Donations plugin <= 4.0.12 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40664 |
CVE-2023-40667 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Lasso Simple URLs plugin <= 117 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40667 |
CVE-2023-41233 | Cross-site scripting vulnerability in Item List page registration process of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41233 |
CVE-2023-41235 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Everest News Pro theme <= 1.1.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41235 |
CVE-2023-41236 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Happy addons Happy Elementor Addons Pro plugin <= 2.8.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41236 |
CVE-2023-41237 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Everest Themes Arya Multipurpose Pro theme <= 1.0.8 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41237 |
CVE-2023-41238 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in UltimatelySocial Social Media Share Buttons & Social Sharing Icons plugin <= 2.8.3 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41238 |
CVE-2023-41653 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Beplus Sermon'e – Sermons Online plugin <= 1.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41653 |
CVE-2023-41860 | Unauth. Cross-Site Scripting (XSS) vulnerability in TravelMap plugin <= 1.0.1 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41860 |
CVE-2023-41861 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41861 |
CVE-2023-41962 | Cross-site scripting vulnerability in Credit Card Payment Setup page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script in the page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41962 |
CVE-2023-43263 | A Cross-site scripting (XSS) vulnerability in Froala Editor v.4.1.1 allows attackers to execute arbitrary code via the Markdown component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43263 |
CVE-2023-43484 | Cross-site scripting vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43484 |
CVE-2023-43614 | Cross-site scripting vulnerability in Order Data Edit page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a remote unauthenticated attacker to inject an arbitrary script. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43614 |
CVE-2023-44043 | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44043 |
CVE-2023-4523 | Real Time Automation 460 Series products with versions prior to v8.9.8 are vulnerable to cross-site scripting, which could allow an attacker to run any JavaScript reference from the URL string. If this were to occur, the gateway's HTTP interface would redirect to the main page, which is index.htm. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4523 |
CVE-2023-41445 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the index.php component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41445 |
CVE-2023-41448 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the ID parameter in the index.php component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41448 |
CVE-2023-41451 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the txt parameter in the index.php component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41451 |
CVE-2023-41453 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the cmd parameter in the index.php component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41453 |
CVE-2023-43233 | A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43233 |
CVE-2023-5244 | Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5244 |
CVE-2023-41446 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41446 |
CVE-2023-41447 | Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41447 |
CVE-2023-26149 | Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function. **Note:** If the mentions list is sourced from unsafe (user-sourced) data, this might allow an injection attack when a Quill user hits @. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26149 |
CVE-2022-47187 | There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-47187 |
CVE-2023-43657 | discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Having CSP disabled is a non-default configuration, and having it disabled with discourse-encrypt installed will result in a warning in the Discourse admin dashboard. This has been fixed in commit `9c75810af9` which is included in the latest version of the discourse-encrypt plugin. Users are advised to upgrade. Users unable to upgrade should ensure that CSP headers are enabled and properly configured. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43657 |
CVE-2023-26146 | All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26146 |
CVE-2023-26147 | All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build header values. An attacker can add the \r\n (carriage return and line feed) characters to end the HTTP response headers and inject malicious content, for example additional headers or a new response body, leading to a potential XSS vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-26147 |
CVE-2023-39308 | Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39308 |
CVE-2023-41658 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41658 |
CVE-2023-41662 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41662 |
CVE-2023-41663 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41663 |
CVE-2023-41691 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41691 |
CVE-2023-5316 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5316 |
CVE-2023-5320 | Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5320 |
CVE-2023-5303 | A vulnerability, which was classified as problematic, was found in Online Banquet Booking System 1.0. Affected is an unknown function of the file /view-booking-detail.php of the component Account Detail Handler. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. VDB-240942 is the identifier assigned to this vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5303 |
CVE-2023-5304 | A vulnerability has been found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /book-services.php of the component Service Booking. The manipulation of the argument message leads to cross site scripting. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-240943. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5304 |
CVE-2023-5305 | A vulnerability was found in Online Banquet Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /mail.php of the component Contact Us Page. The manipulation of the argument message leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-240944. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5305 |
CVE-2023-5323 | Cross-site Scripting (XSS) - Generic in GitHub repository dolibarr/dolibarr prior to 18.0. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5323 |
CVE-2023-41692 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41692 |
CVE-2016-7420 | Crypto++ (aka cryptopp) through 5.6.4 does not document the requirement for a compile-time NDEBUG definition disabling the many assert calls that are unintended in production use, which might allow context-dependent attackers to obtain sensitive information by leveraging access to process memory after an assertion failure, as demonstrated by reading a core dump. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2016-7420 |
CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4806 |
CVE-2023-43645 | OpenFGA is an authorization/permission engine built for developers and inspired by Google Zanzibar. OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. When the call is made, it's possible for the server to exhaust resources and die. Users are advised to upgrade to v1.3.2 and update any offending models. There are no known workarounds for this vulnerability. Note that for models which contained cycles or a relation definition that has the relation itself in its evaluation path, checks and queries that require evaluation will no longer be evaluated on v1.3.2+ and will return errors instead. Users who do not have cyclic models are unaffected. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43645 |
CVE-2023-28261 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28261 |
CVE-2023-1206 | A hash collision flaw was found in the IPv6 connection lookup table in the Linux kernel’s IPv6 functionality when a user makes a new kind of SYN flood attack. A user located in the local network or with a high bandwidth connection can increase the CPU usage of the server that accepts IPv6 connections up to 95%. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-1206 |
CVE-2023-4875 | Null pointer dereference when composing from a specially crafted draft message in Mutt >1.5.2 <2.2.12 | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4875 |
CVE-2023-0989 | An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD configuration. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-0989 |
CVE-2017-11877 | Microsoft Excel 2007 Service Pack 3, Microsoft Excel 2010 Service Pack 2, Microsoft Excel 2013 Service Pack 1, Microsoft Excel 2013 RT Service Pack 1, Microsoft Excel 2016, Microsoft Office Compatibility Pack Service Pack 3, Microsoft Excel Viewer 2007 Service Pack 3, and Microsoft Excel 2016 for Mac allow a security feature bypass by not enforcing macro settings on an Excel document, aka "Microsoft Excel Security Feature Bypass Vulnerability". | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2017-11877 |
CVE-2018-16878 | A flaw was found in pacemaker up to and including version 2.0.1. An insufficient verification inflicted preference of uncontrolled processes can lead to DoS | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2018-16878 |
CVE-2021-1053 | NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape or IOCTL in which improper validation of a user pointer may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1053 |
CVE-2021-1077 | NVIDIA GPU Display Driver for Windows and Linux, R450 and R460 driver branch, contains a vulnerability where the software uses a reference count to manage a resource that is incorrectly updated, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1077 |
CVE-2021-1093 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of service or system crash. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1093 |
CVE-2021-1095 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handlers for all control calls with embedded parameters where dereferencing an untrusted pointer may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1095 |
CVE-2021-45097 | KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the administrator's password in a file without appropriate file access controls, allowing all local users to read its content. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-45097 |
CVE-2022-20796 | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-20796 |
CVE-2022-38533 | In GNU Binutils before 2.40, there is a heap-buffer-overflow in the error function bfd_getl32 when called from the strip_main function in strip-new via a crafted file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-38533 |
CVE-2022-34666 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34666 |
CVE-2022-31615 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-31615 |
CVE-2022-4269 | A flaw was found in the Linux kernel Traffic Control (TC) subsystem. Using a specific networking configuration (redirecting egress packets to ingress using TC action "mirred") a local unprivileged user could trigger a CPU soft lockup (ABBA deadlock) when the transport protocol in use (TCP or SCTP) does a retransmission, resulting in a denial of service condition. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4269 |
CVE-2022-34678 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged user can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34678 |
CVE-2022-34679 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an unhandled return value can lead to a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34679 |
CVE-2022-34680 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an integer truncation can lead to an out-of-bounds read, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34680 |
CVE-2022-34682 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user can cause a null-pointer dereference, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34682 |
CVE-2022-42259 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where an integer overflow may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-42259 |
CVE-2022-4285 | An illegal memory access flaw was found in the binutils package. Parsing an ELF file containing corrupt symbol version information may result in a denial of service. This issue is the result of an incomplete fix for CVE-2020-16599. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-4285 |
CVE-2023-0187 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read can lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0187 |
CVE-2023-0188 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer handler, where an unprivileged user can cause improper restriction of operations within the bounds of a memory buffer, causing an out-of-bounds read, which may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0188 |
CVE-2023-0190 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a NULL pointer dereference may lead to denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0190 |
CVE-2023-31081 | An issue was discovered in drivers/media/test-drivers/vidtv/vidtv_bridge.c in the Linux kernel 6.2. There is a NULL pointer dereference in vidtv_mux_stop_thread. In vidtv_stop_streaming, after dvb->mux=NULL occurs, it executes vidtv_mux_stop_thread(dvb->mux). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31081 |
CVE-2023-31082 | An issue was discovered in drivers/tty/n_gsm.c in the Linux kernel 6.2. There is a sleeping function called from an invalid context in gsmld_write, which will block the kernel. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31082 |
CVE-2023-31084 | An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In dvb_frontend_get_event, wait_event_interruptible is called; the condition is dvb_frontend_test_event(fepriv,events). In dvb_frontend_test_event, down(&fepriv->sem) is called. However, wait_event_interruptible would put the process to sleep, and down(&fepriv->sem) may block the process. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31084 |
CVE-2023-31085 | An issue was discovered in drivers/mtd/ubi/cdev.c in the Linux kernel 6.2. There is a divide-by-zero error in do_div(sz,mtd->erasesize), used indirectly by ctrl_cdev_ioctl, when mtd->erasesize is 0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31085 |
CVE-2023-2878 | Kubernetes secrets-store-csi-driver in versions before 1.3.3 discloses service account tokens in logs. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2878 |
CVE-2023-32360 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.7.7, macOS Monterey 12.6.6, macOS Ventura 13.4. An unauthenticated user may be able to access recently printed documents. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32360 |
CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20588 |
CVE-2020-21490 | An issue was discovered in GNU Binutils 2.34. There is a memory leak when processing microblaze-dis.c, which consumes memory on each insn disassembled. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-21490 |
CVE-2022-48064 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48064 |
CVE-2023-4508 | A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4508 |
CVE-2023-39742 | giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39742 |
CVE-2023-41991 | A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to bypass signature validation. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.7. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41991 |
CVE-2023-42811 | aes-gcm is a pure Rust implementation of the AES-GCM. Starting in version 0.10.0 and prior to version 0.10.3, in the AES GCM implementation of decrypt_in_place_detached, the decrypted ciphertext (i.e. the correct plaintext) is exposed even if tag verification fails. If a program using the `aes-gcm` crate's `decrypt_in_place*` APIs accesses the buffer after decryption failure, it will contain a decryption of an unauthenticated input. Depending on the specific nature of the program this may enable Chosen Ciphertext Attacks (CCAs) which can cause a catastrophic breakage of the cipher including full plaintext recovery. Version 0.10.3 contains a fix for this issue. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42811 |
CVE-2023-0833 | A flaw was found in Red Hat's AMQ-Streams, which ships a version of the OKHttp component with an information disclosure flaw via an exception triggered by a header containing an illegal value. This issue could allow an authenticated attacker to access information outside of their regular permissions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0833 |
CVE-2023-23495 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23495 |
CVE-2023-32361 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32361 |
CVE-2023-32421 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32421 |
CVE-2023-38596 | The issue was addressed with improved handling of protocols. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may fail to enforce App Transport Security. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38596 |
CVE-2023-40391 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14, Xcode 15. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40391 |
CVE-2023-40399 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40399 |
CVE-2023-40402 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40402 |
CVE-2023-40406 | The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, macOS Ventura 13.6, macOS Sonoma 14. An app may be able to read arbitrary files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40406 |
CVE-2023-40410 | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40410 |
CVE-2023-40418 | An authentication issue was addressed with improved state management. This issue is fixed in watchOS 10. An Apple Watch Ultra may not lock when using the Depth app. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40418 |
CVE-2023-40422 | The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to cause a denial-of-service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40422 |
CVE-2023-40424 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40424 |
CVE-2023-40426 | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40426 |
CVE-2023-40428 | The issue was addressed with improved handling of caches. This issue is fixed in iOS 17 and iPadOS 17. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40428 |
CVE-2023-40429 | A permissions issue was addressed with improved validation. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40429 |
CVE-2023-40435 | This issue was addressed by enabling hardened runtime. This issue is fixed in Xcode 15. An app may be able to access App Store credentials. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40435 |
CVE-2023-40450 | The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40450 |
CVE-2023-40541 | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14. A shortcut may output sensitive user data without consent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40541 |
CVE-2023-41066 | An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to unexpectedly leak a user's credentials from secure text fields. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41066 |
CVE-2023-41067 | A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. An app may bypass Gatekeeper checks. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41067 |
CVE-2023-41070 | A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access sensitive data logged when a user shares a link. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41070 |
CVE-2023-41073 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access protected user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41073 |
CVE-2023-41078 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41078 |
CVE-2023-41079 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41079 |
CVE-2023-41232 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41232 |
CVE-2023-41968 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41968 |
CVE-2023-41980 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41980 |
CVE-2023-41986 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41986 |
CVE-2023-41996 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41996 |
CVE-2023-44126 | The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG sends a lot of LG-owned implicit broadcasts that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as call states, durations, called numbers, contacts info, etc. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44126 |
CVE-2023-44127 | The vulnerability is that the Call management ("com.android.server.telecom") app patched by LG launches implicit intents that disclose sensitive data to all third-party apps installed on the same device. Those intents include data such as contact details and phone numbers. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44127 |
CVE-2023-4065 | A flaw was found in Red Hat AMQ Broker Operator, where it displayed a password defined in ActiveMQArtemisAddress CR, shown in plain text in the Operator Log. This flaw allows an authenticated local attacker to access information outside of their permissions. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4065 |
CVE-2023-20253 | A vulnerability in the command line interface (cli) management interface of Cisco SD-WAN vManage could allow an authenticated, local attacker to bypass authorization and allow the attacker to roll back the configuration on vManage controllers and edge router devices. This vulnerability is due to improper access control in the cli-management interface of an affected system. An attacker with low-privilege (read only) access to the cli could exploit this vulnerability by sending a request to roll back the configuration for other controllers and devices managed by an affected system. A successful exploit could allow the attacker to roll back the configuration for other controllers and devices managed by an affected system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20253 |
CVE-2023-4066 | A flaw was found in Red Hat's AMQ Broker, which stores certain passwords in a secret security-properties-prop-module, defined in ActivemqArtemisSecurity CR; however, they are shown in plaintext in the StatefulSet details yaml of AMQ Broker. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4066 |
CVE-2023-41911 | Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41911 |
CVE-2023-5321 | Missing Authorization in GitHub repository hamza417/inure prior to build94. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5321 |
CVE-2023-42132 | FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42132 |
CVE-2021-37742 | app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-37742 |
CVE-2022-45033 | A cross-site scripting (XSS) vulnerability in Expense Tracker 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Chat text field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-45033 |
CVE-2023-0379 | The Spotlight Social Feeds WordPress plugin before 1.4.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0379 |
CVE-2023-29206 | XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check on the author of a JavaScript xobject or StyleSheet xobject added to an XWiki document, so until now it was possible for a user having only Edit Right to create such an object and to craft a script that performs some operations when executed by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if its author has Script rights. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-29206 |
CVE-2023-2349 | A vulnerability classified as problematic has been found in SourceCodester Service Provider Management System 1.0. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-227592. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2349 |
CVE-2023-2350 | A vulnerability classified as problematic was found in SourceCodester Service Provider Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Users.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227593 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2350 |
CVE-2023-20115 | A vulnerability in the SFTP server implementation for Cisco Nexus 3000 Series Switches and 9000 Series Switches in standalone NX-OS mode could allow an authenticated, remote attacker to download or overwrite files from the underlying operating system of an affected device. This vulnerability is due to a logic error when verifying the user role when an SFTP connection is opened to an affected device. An attacker could exploit this vulnerability by connecting and authenticating via SFTP as a valid, non-administrator user. A successful exploit could allow the attacker to read or overwrite files from the underlying operating system with the privileges of the authenticated user. There are workarounds that address this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20115 |
CVE-2023-43376 | A cross-site scripting (XSS) vulnerability in /hoteldruid/clienti.php of Hoteldruid v3.0.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the nometipotariffa1 parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43376 |
CVE-2023-27628 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Webvitaly Sitekit plugin <= 1.3 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-27628 |
CVE-2023-30959 | In Apollo change requests, comments added by users could contain a javascript URI link that, when rendered, will result in an XSS that requires user interaction. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30959 |
CVE-2023-40417 | A window management issue was addressed with improved state management. This issue is fixed in Safari 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Visiting a website that frames malicious content may lead to UI spoofing. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40417 |
CVE-2023-40605 | Auth. (contributor) Cross-Site Scripting (XSS) vulnerability in 93digital Typing Effect plugin <= 1.3.6 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40605 |
CVE-2023-40669 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in twinpictures, baden03 Collapse-O-Matic plugin <= 1.8.5.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40669 |
CVE-2023-41888 | GLPI (Gestionnaire Libre de Parc Informatique) is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. The lack of path filtering on the GLPI URL may allow an attacker to transmit a malicious URL of login page that can be used to attempt a phishing attack on user credentials. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41888 |
CVE-2023-41904 | Zoho ManageEngine ADManager Plus before 7203 allows 2FA bypass (for AuthToken generation) in REST APIs. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41904 |
CVE-2023-43232 | A stored cross-site scripting (XSS) vulnerability in the Website column management function of DedeBIZ v6.2.11 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43232 |
CVE-2023-43331 | A cross-site scripting (XSS) vulnerability in the Add User function of Small CRM v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43331 |
CVE-2023-43828 | A Cross-site scripting (XSS) vulnerability in /panel/languages/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Title' parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43828 |
CVE-2023-43830 | A Cross-site scripting (XSS) vulnerability in /panel/configuration/financial/ of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into several fields: 'Minimum deposit', 'Maximum deposit' and/or 'Maximum balance'. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43830 |
CVE-2023-43857 | Dreamer CMS v4.1.3 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component /admin/u/toIndex. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43857 |
CVE-2023-44042 | A stored cross-site scripting (XSS) vulnerability in /settings/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website header parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44042 |
CVE-2023-44207 | Stored cross-site scripting (XSS) vulnerability in protection plan name. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44207 |
CVE-2023-5135 | The Simple Cloudflare Turnstile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'gravity-simple-turnstile' shortcode in versions up to, and including, 1.23.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5135 |
CVE-2023-5161 | The Modal Window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 5.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5161 |
CVE-2023-5162 | The Options for Twenty Seventeen plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'social-links' shortcode in versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5162 |
CVE-2023-44048 | Sourcecodester Expense Tracker App v1 is vulnerable to Cross Site Scripting (XSS) via add category. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44048 |
CVE-2023-43191 | JFinalCMS foreground messages can embed malicious code that is saved in the database. When users browse the comments, the malicious code embedded in the HTML is executed and the user's browser is controlled by the attacker, serving the attacker's purposes, such as cookie theft. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43191 |
CVE-2023-44275 | OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44275 |
CVE-2023-44276 | OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44276 |
CVE-2023-5230 | The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5230 |
CVE-2023-43871 | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43871 |
CVE-2023-43872 | A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43872 |
CVE-2023-43873 | A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43873 |
CVE-2023-43874 | Multiple Cross Site Scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43874 |
CVE-2023-43876 | A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43876 |
CVE-2023-43878 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43878 |
CVE-2023-43884 | A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43884 |
CVE-2023-44173 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44173 |
CVE-2023-44174 | Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44174 |
CVE-2023-5195 | Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5195 |
CVE-2023-43944 | A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43944 |
CVE-2023-41666 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41666 |
CVE-2023-41687 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41687 |
CVE-2023-5273 | A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5273 |
CVE-2023-5286 | A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the argument category_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240914 is the identifier assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5286 |
CVE-2023-5317 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5317 |
CVE-2023-5319 | Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5319 |
CVE-2023-43702 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43702 |
CVE-2023-43703 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43703 |
CVE-2023-43704 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43704 |
CVE-2023-43705 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43705 |
CVE-2023-43706 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43706 |
CVE-2023-43707 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43707 |
CVE-2023-43708 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43708 |
CVE-2023-43709 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43709 |
CVE-2023-43710 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43710 |
CVE-2023-43711 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43711 |
CVE-2023-5302 | A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5302 |
CVE-2023-43712 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43712 |
CVE-2023-43713 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43713 |
CVE-2023-43714 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43714 |
CVE-2023-43715 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43715 |
CVE-2023-43716 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43716 |
CVE-2023-43717 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43717 |
CVE-2023-43718 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43718 |
CVE-2023-43719 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43719 |
CVE-2023-43720 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43720 |
CVE-2023-43721 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43721 |
CVE-2023-43722 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43722 |
CVE-2023-43723 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43723 |
CVE-2023-43724 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43724 |
CVE-2023-43725 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43725 |
CVE-2023-43726 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43726 |
CVE-2023-43727 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43727 |
CVE-2023-43728 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43728 |
CVE-2023-43729 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43729 |
CVE-2023-43730 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43730 |
CVE-2023-43731 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43731 |
CVE-2023-43732 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43732 |
CVE-2023-43733 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43733 |
CVE-2023-43734 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43734 |
CVE-2023-43735 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43735 |
CVE-2023-5111 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5111 |
CVE-2023-5112 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.\nThis vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter,\npotentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5112 |
CVE-2023-41728 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <= 2.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41728 |
CVE-2023-41797 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41797 |
CVE-2023-44477 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44477 |
CVE-2023-44242 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44242 |
CVE-2023-44264 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44264 |
CVE-2019-6976 | libvips before 8.7.4 generates output images from uninitialized memory locations when processing corrupted input image data because iofuncs/memory.c does not zero out allocated memory. This can result in leaking raw process memory contents through the output image. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-6976 |
CVE-2020-9407 | IBL Online Weather before 4.3.5a allows attackers to obtain sensitive information by reading the IWEBSERVICE_JSONRPC_COOKIE cookie. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-9407 |
CVE-2020-20739 | im_vips2dz in /libvips/libvips/deprecated/im_vips2dz.c in libvips before 8.8.2 has an uninitialized variable which may cause the leakage of remote server path or stack address. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-20739 |
CVE-2021-30004 | In wpa_supplicant and hostapd 2.9, forging attacks may occur because AlgorithmIdentifier parameters are mishandled in tls/pkcs1.c and tls/x509v3.c. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-30004 |
CVE-2021-34434 | In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the ability for a client to make subscriptions on a topic is revoked when a durable client is offline, then existing subscriptions for that client are not revoked. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-34434 |
CVE-2021-40171 | The absence of notifications regarding an ongoing RF jamming attack in the SecuritasHome home alarm system, version HPGW-G 0.0.2.23F BG_U-ITR-F1-BD_BL.A30.20181117, allows an attacker to block legitimate traffic while not alerting the owner of the system. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-40171 |
CVE-2023-21720 | Microsoft Edge (Chromium-based) Tampering Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21720 |
CVE-2023-20052 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20052 |
CVE-2023-28486 | Sudo before 1.9.13 does not escape control characters in log messages. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28486 |
CVE-2023-28487 | Sudo before 1.9.13 does not escape control characters in sudoreplay output. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28487 |
CVE-2023-0466 | The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0466 |
CVE-2023-26048 | Jetty is a java based web server and servlet engine. In affected versions servlets with multipart support (e.g. annotated with `@MultipartConfig`) that call `HttpServletRequest.getParameter()` or `HttpServletRequest.getParts()` may cause `OutOfMemoryError` when the client sends a multipart request with a part that has a name but no filename and very large content. This happens even with the default settings of `fileSizeThreshold=0` which should stream the whole part content to disk. An attacker client may send a large multipart request and cause the server to throw `OutOfMemoryError`. However, the server may be able to recover after the `OutOfMemoryError` and continue its service -- although it may take some time. This issue has been patched in versions 9.4.51, 10.0.14, and 11.0.14. Users are advised to upgrade. Users unable to upgrade may set the multipart parameter `maxRequestSize` which must be set to a non-negative value, so the whole multipart content is limited (although still read into memory). | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26048 |
CVE-2023-26049 | Jetty is a java based web server and servlet engine. Nonstandard cookie parsing in Jetty may allow an attacker to smuggle cookies within other cookies, or otherwise perform unintended behavior by tampering with the cookie parsing mechanism. If Jetty sees a cookie VALUE that starts with `"` (double quote), it will continue to read the cookie string until it sees a closing quote -- even if a semicolon is encountered. So, a cookie header such as: `DISPLAY_LANGUAGE="b; JSESSIONID=1337; c=d"` will be parsed as one cookie, with the name DISPLAY_LANGUAGE and a value of b; JSESSIONID=1337; c=d instead of 3 separate cookies. This has security implications because if, say, JSESSIONID is an HttpOnly cookie, and the DISPLAY_LANGUAGE cookie value is rendered on the page, an attacker can smuggle the JSESSIONID cookie into the DISPLAY_LANGUAGE cookie and thereby exfiltrate it. This is significant when an intermediary is enacting some policy based on cookies, so a smuggled cookie can bypass that policy yet still be seen by the Jetty server or its logging system. This issue has been addressed in versions 9.4.51, 10.0.14, 11.0.14, and 12.0.0.beta0 and users are advised to upgrade. There are no known workarounds for this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26049 |
CVE-2023-3431 | Improper Access Control in GitHub repository plantuml/plantuml prior to 1.2023.9. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3431 |
CVE-2023-3446 | Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use the functions DH_check(), DH_check_ex() or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long delays. Where the key or parameters that are being checked have been obtained from an untrusted source this may lead to a Denial of Service. The function DH_check() performs various checks on DH parameters. One of those checks confirms that the modulus ('p' parameter) is not too large. Trying to use a very large modulus is slow and OpenSSL will not normally use a modulus which is over 10,000 bits in length. However the DH_check() function checks numerous aspects of the key or parameters that have been supplied. Some of those checks use the supplied modulus value even if it has already been found to be too large. An application that calls DH_check() and supplies a key or parameters obtained from an untrusted source could be vulnerable to a Denial of Service attack. The function DH_check() is itself called by a number of other OpenSSL functions. An application calling any of those other functions may similarly be affected. The other functions affected by this are DH_check_ex() and EVP_PKEY_param_check(). Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications when using the '-check' option. The OpenSSL SSL/TLS implementation is not affected by this issue. The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3446 |
CVE-2021-25786 | An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-25786 |
CVE-2023-36844 | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables leading to partial loss of integrity, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: All versions prior to 20.4R3-S9; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S7; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R3-S1; 22.4 versions prior to 22.4R2-S2, 22.4R3; 23.2 versions prior to 23.2R1-S1, 23.2R2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36844 |
CVE-2023-40167 | Jetty is a Java based web server and servlet engine. Prior to versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1, Jetty accepts the `+` character preceding the content-length value in a HTTP/1 header field. This is more permissive than allowed by the RFC and other servers routinely reject such requests with 400 responses. There is no known exploit scenario, but it is conceivable that request smuggling could result if Jetty is used in combination with a server that does not close the connection after sending such a 400 response. Versions 9.4.52, 10.0.16, 11.0.16, and 12.0.1 contain a patch for this issue. There is no workaround as there is no known exploit scenario. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40167 |
CVE-2023-43617 | An issue was discovered in Croc through 9.6.5. When a custom shared secret is used, the sender and receiver may divulge parts of this secret to an untrusted Relay, as part of composing a room name. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43617 |
CVE-2023-36851 | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: 22.4 versions prior to 22,4R2-S2, 22.4R3; 23.2 versions prior to 23.2R2. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36851 |
CVE-2023-40049 | In WS_FTP Server version prior to 8.8.2, an unauthenticated user could enumerate files under the 'WebServiceHost' directory listing. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40049 |
CVE-2023-41311 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause an app to be activated automatically. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41311 |
CVE-2023-41312 | Permission control vulnerability in the audio module. Successful exploitation of this vulnerability may cause several apps to be activated automatically. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41312 |
CVE-2023-41323 | GLPI stands for Gestionnaire Libre de Parc Informatique is a Free Asset and IT Management Software package, that provides ITIL Service Desk features, licenses tracking and software auditing. An unauthenticated user can enumerate users logins. Users are advised to upgrade to version 10.0.10. There are no known workarounds for this vulnerability. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41323 |
CVE-2023-43775 | Denial-of-service vulnerability in the web server of the Eaton SMP Gateway allows an attacker to potentially force an unexpected restart of the automation platform, impacting the availability of the product. In rare situations, the issue could cause the SMP device to restart in Safe Mode or Max Safe Mode. When in Max Safe Mode, the product is not vulnerable anymore. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43775 |
CVE-2023-44205 | Sensitive information disclosure due to improper authorization. The following products are affected: Acronis Cyber Protect 15 (Linux, Windows) before build 35979. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44205 |
CVE-2023-4565 | Broadcast permission control vulnerability in the framework module. Successful exploitation of this vulnerability may cause the hotspot feature to be unavailable. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4565 |
CVE-2023-38871 | The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allow an attacker to determine whether a user or email address is valid, or brute force valid usernames and email addresses. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-38871 |
CVE-2023-26148 | All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-26148 |
CVE-2023-3914 | A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projects. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3914 |
CVE-2023-2358 | Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.5.0.0 and 9.3.0.4, including 8.3.x.x, saves passwords of the Hadoop Copy Files step in plaintext. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-2358 |
CVE-2023-43493 | SQL injection vulnerability in Item List page of Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain sensitive information. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43493 |
CVE-2023-4505 | The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative access and above, to change the LDAP server and retrieve the credentials for the original LDAP server. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4505 |
CVE-2023-3775 | A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault Enterprise 1.15.0, 1.14.4, 1.13.8. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-3775 |
CVE-2023-5259 | A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-240868. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-5259 |
CVE-2023-25483 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ankit Agarwal, Priyanshu Mittal Easy Coming Soon plugin <= 2.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25483 |
CVE-2023-27617 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in David F. Carr RSVPMaker plugin <= 10.6.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27617 |
CVE-2023-27622 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Abel Ruiz GuruWalk Affiliates plugin <= 1.0.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27622 |
CVE-2023-28790 | Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in Brett Shumaker Simple Staff List plugin <= 2.2.3 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28790 |
CVE-2023-40047 | In WS_FTP Server version prior to 8.8.2, a stored cross-site scripting (XSS) vulnerability exists in WS_FTP Server's Management module. An attacker with administrative privileges could import a SSL certificate with malicious attributes containing cross-site scripting payloads. Once the cross-site scripting payload is successfully stored, an attacker could leverage this vulnerability to target WS_FTP Server admins with a specialized payload which results in the execution of malicious JavaScript within the context of the victim's browser. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40047 |
CVE-2023-40604 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jes Madsen Cookies by JM plugin <= 1.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40604 |
CVE-2023-40665 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as Image plugin by Pdfcrowd plugin <= 2.16.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40665 |
CVE-2023-40668 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Pdfcrowd Save as PDF plugin by Pdfcrowd plugin <= 2.16.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40668 |
CVE-2023-40675 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PluginOps Landing Page Builder plugin <= 1.5.1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40675 |
CVE-2023-40676 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics plugin <= 5.0.8 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40676 |
CVE-2023-40677 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Vertical marquee plugin <= 7.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40677 |
CVE-2023-41241 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SureCart WordPress Ecommerce For Creating Fast Online Stores plugin <= 2.5.0 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41241 |
CVE-2023-41242 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Hassan Ali Snap Pixel plugin <= 1.5.7 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41242 |
CVE-2023-4423 | The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4423 |
CVE-2023-43879 | Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43879 |
CVE-2023-41655 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41655 |
CVE-2023-41657 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41657 |
CVE-2023-41661 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41661 |
CVE-2023-41729 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41729 |
CVE-2023-41731 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41731 |
CVE-2023-41733 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41733 |
CVE-2023-41734 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41734 |
CVE-2023-41736 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41736 |
CVE-2023-41737 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41737 |
CVE-2023-44265 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44265 |
CVE-2023-44266 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44266 |
CVE-2023-31083 | An issue was discovered in drivers/bluetooth/hci_ldisc.c in the Linux kernel 6.2. In hci_uart_tty_ioctl, there is a race condition between HCIUARTSETPROTO and HCIUARTGETPROTO. HCI_UART_PROTO_SET is set before hu->proto is set. A NULL pointer dereference may occur. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-31083 |
CVE-2023-29354 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-29354 |
CVE-2023-2898 | There is a null-pointer-dereference flaw found in f2fs_write_end_io in fs/f2fs/data.c in the Linux kernel. This flaw allows a local privileged user to cause a denial of service problem. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-2898 |
CVE-2023-41051 | In a typical Virtual Machine Monitor (VMM) there are several components, such as boot loader, virtual device drivers, virtio backend drivers and vhost drivers, that need to access the VM physical memory. The vm-memory rust crate provides a set of traits to decouple VM memory consumers from VM memory providers. An issue was discovered in the default implementations of the `VolatileMemory::{get_atomic_ref, aligned_as_ref, aligned_as_mut, get_ref, get_array_ref}` trait functions, which allows out-of-bounds memory access if the `VolatileMemory::get_slice` function returns a `VolatileSlice` whose length is less than the function’s `count` argument. No implementations of `get_slice` provided in `vm_memory` are affected. Users of custom `VolatileMemory` implementations may be impacted if the custom implementation does not adhere to `get_slice`'s documentation. The issue started in version 0.1.0 but was fixed in version 0.12.2 by inserting a check that verifies that the `VolatileSlice` returned by `get_slice` is of the correct length. Users are advised to upgrade. There are no known workarounds for this issue. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41051 |
CVE-2023-41979 | A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41979 |
CVE-2023-42756 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-42756 |
CVE-2023-0194 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer driver, where an invalid display configuration may lead to denial of service. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-0194 |
CVE-2021-1233 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-1233 |
CVE-2023-2269 | A denial of service problem was found, due to a possible recursive locking scenario, resulting in a deadlock in table_clear in drivers/md/dm-ioctl.c in the Linux Kernel Device Mapper-Multipathing sub-component. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-2269 |
CVE-2023-3212 | A NULL pointer dereference issue was found in the gfs2 file system in the Linux kernel. It occurs on corrupt gfs2 file systems when the evict code tries to reference the journal descriptor structure after it has been freed and set to NULL. A privileged local user could use this flaw to cause a kernel panic. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3212 |
CVE-2023-41981 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41981 |
CVE-2023-32819 | In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32819 |
CVE-2021-33683 | SAP Web Dispatcher and Internet Communication Manager (ICM), versions - KRNL32NUC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, KRNL64NUC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, 7.53, 7.73, WEBDISP 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, KERNEL 7.21, 7.22, 7.49, 7.53, 7.73, 7.77, 7.81, 7.82, 7.83, process invalid HTTP header. The incorrect handling of the invalid Transfer-Encoding header in a particular manner leads to a possibility of HTTP Request Smuggling attack. An attacker could exploit this vulnerability to bypass web application firewall protection, divert sensitive data such as customer requests, session credentials, etc. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-33683 |
CVE-2021-45096 | KNIME Analytics Platform before 4.5.0 is vulnerable to XXE (external XML entity injection) via a crafted workflow file (.knwf), aka AP-17730. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-45096 |
CVE-2022-3661 | Insufficient data validation in Extensions in Google Chrome prior to 107.0.5304.62 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted Chrome extension. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-3661 |
CVE-2023-21794 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-21794 |
CVE-2023-29334 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29334 |
CVE-2023-2462 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to obfuscate main origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2462 |
CVE-2023-2463 | Inappropriate implementation in Full Screen Mode in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to hide the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2463 |
CVE-2023-2464 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed an attacker who convinced a user to install a malicious extension to perform an origin spoof in the security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2464 |
CVE-2023-2465 | Inappropriate implementation in CORS in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2465 |
CVE-2023-2466 | Inappropriate implementation in Prompts in Google Chrome prior to 113.0.5672.63 allowed a remote attacker to spoof the contents of the security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2466 |
CVE-2023-2467 | Inappropriate implementation in Prompts in Google Chrome on Android prior to 113.0.5672.63 allowed a remote attacker to bypass permissions restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2467 |
CVE-2023-2468 | Inappropriate implementation in PictureInPicture in Google Chrome prior to 113.0.5672.63 allowed a remote attacker who had compromised the renderer process to obfuscate the security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2468 |
CVE-2023-4900 | Inappropriate implementation in Custom Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate a permission prompt via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4900 |
CVE-2023-4901 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4901 |
CVE-2023-4902 | Inappropriate implementation in Input in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4902 |
CVE-2023-4903 | Inappropriate implementation in Custom Mobile Tabs in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4903 |
CVE-2023-4904 | Insufficient policy enforcement in Downloads in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Enterprise policy restrictions via a crafted download. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4904 |
CVE-2023-4905 | Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4905 |
CVE-2023-4906 | Insufficient policy enforcement in Autofill in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4906 |
CVE-2023-4907 | Inappropriate implementation in Intents in Google Chrome on Android prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4907 |
CVE-2023-4908 | Inappropriate implementation in Picture in Picture in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4908 |
CVE-2023-4909 | Inappropriate implementation in Interstitials in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to obfuscate security UI via a crafted HTML page. (Chromium security severity: Low) | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4909 |
CVE-2023-36479 | Eclipse Jetty Canonical Repository is the canonical repository for the Jetty project. Users of the CgiServlet with a very specific command structure may have the wrong command executed. If a user sends a request to a org.eclipse.jetty.servlets.CGI Servlet for a binary with a space in its name, the servlet will escape the command by wrapping it in quotation marks. This wrapped command, plus an optional command prefix, will then be executed through a call to Runtime.exec. If the original binary name provided by the user contains a quotation mark followed by a space, the resulting command line will contain multiple tokens instead of one. This issue was patched in version 9.4.52, 10.0.16, 11.0.16 and 12.0.0-beta2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36479 |
CVE-2023-41900 | Jetty is a Java based web server and servlet engine. Versions 9.4.21 through 9.4.51, 10.0.15, and 11.0.15 are vulnerable to weak authentication. If a Jetty `OpenIdAuthenticator` uses the optional nested `LoginService`, and that `LoginService` decides to revoke an already authenticated user, then the current request will still treat the user as authenticated. The authentication is then cleared from the session and subsequent requests will not be treated as authenticated. So a request on a previously authenticated session could be allowed to bypass authentication after it had been rejected by the `LoginService`. This impacts usages of the jetty-openid which have configured a nested `LoginService` and where that `LoginService` is capable of rejecting previously authenticated users. Versions 9.4.52, 10.0.16, and 11.0.16 have a patch for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41900 |
CVE-2022-4245 | A flaw was found in codehaus-plexus. The org.codehaus.plexus.util.xml.XmlWriterUtil#writeComment fails to sanitize comments for a --> sequence. This issue means that text contained in the command string could be interpreted as XML and allow for XML injection. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-4245 |
CVE-2023-35984 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35984 |
CVE-2023-40388 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. Safari may save photos to an unprotected location. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40388 |
CVE-2023-40532 | Path traversal vulnerability in Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with author or higher privilege to obtain partial information of the files on the web server. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40532 |
CVE-2023-42453 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42453 |
CVE-2023-40026 | Argo CD is a declarative continuous deployment framework for Kubernetes. In Argo CD versions prior to 2.3 (starting at least in v0.1.0, but likely in any version using Helm before 2.3), using a specifically-crafted Helm file could reference external Helm charts handled by the same repo-server to leak values, or files from the referenced Helm Chart. This was possible because Helm paths were predictable. The vulnerability worked by adding a Helm chart that referenced Helm resources from predictable paths. Because the paths of Helm charts were predictable and available on an instance of repo-server, it was possible to reference and then render the values and resources from other existing Helm charts regardless of permissions. While generally, secrets are not stored in these files, it was nevertheless possible to reference any values from these charts. This issue was fixed in Argo CD 2.3 and subsequent versions by randomizing Helm paths. Users still using Argo CD 2.3 or below are advised to update to a supported version. If this is not possible, disabling Helm chart rendering, or using an additional repo-server for each Helm chart would prevent possible exploitation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40026 |
CVE-2023-43663 | PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user right. This allows low privileged users to disable portions of a shop's functionality. Commit `ce1f6708` addresses this issue and is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43663 |
CVE-2023-43664 | PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has been addressed in commit `15bd281c` which is included in version 8.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43664 |
CVE-2023-2233 | An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to leak the owner's Sentry instance projects. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-2233 |
CVE-2023-3115 | An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members accessing public members-only project repositories. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3115 |
CVE-2023-3920 | An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for a maintainer to create a fork relationship between existing projects contrary to the documentation. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3920 |
CVE-2023-3979 | An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible for upstream members who collaborate with you on your branch to get permission to write to the merge request’s source branch. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3979 |
CVE-2023-44469 | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44469 |
CVE-2023-4532 | An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects which they are not a member of. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4532 |
CVE-2023-5198 | An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches using deploy keys. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5198 |
CVE-2023-5194 | Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5194 |
CVE-2023-41306 | Vulnerability of mutex management in the bone voice ID trusted application (TA) module. Successful exploitation of this vulnerability may cause the bone voice ID feature to be unavailable. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41306 |
CVE-2023-41335 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41335 |
CVE-2023-38872 | An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38872 |
CVE-2023-5313 | A vulnerability classified as problematic was found in phpkobo Ajax Poll Script 3.18. Affected by this vulnerability is an unknown functionality of the file ajax-poll.php of the component Poll Handler. The manipulation leads to improper enforcement of a single, unique action. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240949 was assigned to this vulnerability. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-5313 |
CVE-2023-44128 | The vulnerability is to delete arbitrary files in LGInstallService ("com.lge.lginstallservies") app. The app contains the exported "com.lge.lginstallservies.InstallService" service that exposes an AIDL interface. All its "installPackage*" methods are finally calling the "installPackageVerify()" method that performs signature validation after the delete file method. An attacker can control conditions so this security check is never performed and an attacker-controlled file is deleted. | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-44128 |
CVE-2023-41332 | Cilium is a networking, observability, and security solution with an eBPF-based dataplane. In Cilium clusters where Cilium's Layer 7 proxy has been disabled, creating workloads with `policy.cilium.io/proxy-visibility` annotations (in Cilium >= v1.13) or `io.cilium.proxy-visibility` annotations (in Cilium <= v1.12) causes the Cilium agent to segfault on the node to which the workload is assigned. Existing traffic on the affected node will continue to flow, but the Cilium agent on the node will not be able to process changes to workloads running on the node. This will also prevent workloads from being able to start on the affected node. The denial of service will be limited to the node on which the workload is scheduled, however an attacker may be able to schedule workloads on the node of their choosing, which could lead to targeted attacks. This issue has been resolved in Cilium versions 1.14.2, 1.13.7, and 1.12.14. Users unable to upgrade can avoid this denial of service attack by enabling the Layer 7 proxy. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41332 |
CVE-2023-3906 | An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3906 |
CVE-2021-31498 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-12744. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-31498 |
CVE-2021-31501 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop 16.6.3.84. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13310. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-31501 |
CVE-2021-31506 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-13674. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2021-31506 |
CVE-2023-29497 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29497 |
CVE-2023-35990 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, iOS 16.7 and iPadOS 16.7, macOS Sonoma 14. An app may be able to identify what other apps a user has installed. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35990 |
CVE-2023-37448 | A lock screen issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. A user may be able to view restricted content from the lock screen. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-37448 |
CVE-2023-40384 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40384 |
CVE-2023-40386 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access Notes attachments. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40386 |
CVE-2023-40395 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access contacts. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40395 |
CVE-2023-40427 | The issue was addressed with improved handling of caches. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40427 |
CVE-2023-40434 | A configuration issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to access a user's Photos Library. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40434 |
CVE-2023-40456 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40456 |
CVE-2023-40520 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to access edited photos saved to a temporary directory. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40520 |
CVE-2023-41065 | A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to read sensitive location information. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41065 |
CVE-2023-41310 | Keep-alive vulnerability in the sticky broadcast mechanism. Successful exploitation of this vulnerability may cause malicious apps to run continuously in the background. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41310 |
CVE-2023-44124 | The vulnerability is to theft of arbitrary files with system privilege in the Screen recording ("com.lge.gametools.gamerecorder") app in the "com/lge/gametools/gamerecorder/settings/ProfilePreferenceFragment.java" file. The main problem is that the app launches implicit intents that can be intercepted by third-party apps installed on the same device. They also can return arbitrary data that will be passed to the "onActivityResult()" method. The Screen recording app saves contents of arbitrary URIs to SD card which is a world-readable storage. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44124 |
CVE-2023-44129 | The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44129 |
CVE-2021-24371 | The Import feature of the RSVPMaker WordPress plugin before 8.7.3 (/wp-admin/tools.php?page=rsvpmaker_export_screen) takes an URL input and calls curl on it, without first validating it to ensure it's a remote one. As a result, a high privilege user could use that feature to scan the internal network via a SSRF attack. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-24371 |
CVE-2023-5159 | Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-5159 |
CVE-2023-5193 | Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-5193 |
CVE-2023-0195 | NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer driver nvlddmkm.sys, where an can cause CWE-1284, which may lead to hypothetical Information leak of unimportant data such as local variable data of the driver | 2.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0195 |
CVE-2010-1623 | Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket. | – | https://nvd.nist.gov/vuln/detail/CVE-2010-1623 |
CVE-2013-1315 | Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013; Office Web Apps 2010; Excel 2003 SP3, 2007 SP3, 2010 SP1 and SP2, 2013, and 2013 RT; Office for Mac 2011; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability." | – | https://nvd.nist.gov/vuln/detail/CVE-2013-1315 |
CVE-2014-1737 | The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-1737 |
CVE-2014-3153 | The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3153 |
CVE-2014-3534 | arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-3534 |
CVE-2014-2648 | Unspecified vulnerability in HP Operations Manager 9.10 and 9.11 on UNIX allows remote attackers to execute arbitrary code via unknown vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-2648 |
CVE-2014-8587 | SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) signatures via unspecified vectors. | – | https://nvd.nist.gov/vuln/detail/CVE-2014-8587 |
CVE-2015-0063 | Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Excel Remote Code Execution Vulnerability." | – | https://nvd.nist.gov/vuln/detail/CVE-2015-0063 |
CVE-2022-21813 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21813 |
CVE-2022-21814 | NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver package, where improper handling of insufficient permissions or privileges may allow an unprivileged local user limited write access to protected memory, which can lead to denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-21814 |
CVE-2022-28181 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where an unprivileged regular user on the network can cause an out-of-bounds write through a specially crafted shader, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. The scope of the impact may extend to other components. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-28181 |
CVE-2023-36845 | A PHP External Variable Modification vulnerability in J-Web of Juniper Networks Junos OS on EX Series and SRX Series allows an unauthenticated, network-based attacker to remotely execute code. Using a crafted request which sets the variable PHPRC an attacker is able to modify the PHP execution environment allowing the injection and execution of code. This issue affects Juniper Networks Junos OS on EX Series and SRX Series: All versions prior to 20.4R3-S9; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S7; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S4; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3-S1; 22.4 versions prior to 22.4R2-S1, 22.4R3; 23.2 versions prior to 23.2R1-S1, 23.2R2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36845 |
CVE-2023-36846 | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on SRX Series: All versions prior to 20.4R3-S8; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S5; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S2; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36846 |
CVE-2023-36847 | A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on EX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. This issue affects Juniper Networks Junos OS on EX Series: All versions prior to 20.4R3-S8; 21.1 versions 21.1R1 and later; 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5; 21.4 versions prior to 21.4R3-S4; 22.1 versions prior to 22.1R3-S3; 22.2 versions prior to 22.2R3-S1; 22.3 versions prior to 22.3R2-S2, 22.3R3; 22.4 versions prior to 22.4R2-S1, 22.4R3. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36847 |
CVE-2023-44216 | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44216 |
CVE-2023-5221 | A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5221 |
CVE-2023-5222 | A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5222 |
CVE-2023-20109 | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details section of this advisory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20109 |
CVE-2023-20179 | A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20179 |
CVE-2023-20186 | A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20186 |
CVE-2023-20187 | A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20187 |
CVE-2023-20202 | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20202 |
CVE-2023-20226 | A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20226 |
CVE-2023-20227 | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20227 |
CVE-2023-20231 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20231 |
CVE-2023-20251 | A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20251 |
CVE-2023-20252 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20252 |
CVE-2023-20268 | A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20268 |
CVE-2023-43656 | matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43656 |
CVE-2023-43320 | An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43320 |
CVE-2023-5215 | A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5215 |
CVE-2023-5256 | In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5256 |
CVE-2023-43662 | ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the Windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security Lab and is also indexed as GHSL-2023-191. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43662 |
CVE-2023-5257 | A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5257 |
CVE-2023-5258 | A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240867. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5258 |
CVE-2023-5262 | A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240871. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5262 |
CVE-2023-5263 | A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5263 |
CVE-2023-5264 | A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240877 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5264 |
CVE-2023-5266 | A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240879. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5266 |
CVE-2023-5268 | A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240881 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5268 |
CVE-2023-3024 | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3024 |
CVE-2023-26218 | The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26218 |
CVE-2023-43655 | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43655 |
CVE-2022-35908 | Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-35908 |
CVE-2023-44270 | An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44270 |
CVE-2023-5296 | A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5296 |
CVE-2023-5297 | A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5297 |
CVE-2023-5207 | A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5207 |
CVE-2023-4211 | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4211 |
CVE-2023-5324 | A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5324 |
CVE-2023-5326 | A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5326 |
CVE-2023-5327 | A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5327 |
CVE-2023-5328 | A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5328 |
CVE-2023-41800 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41800 |
CVE-2023-41847 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41847 |
CVE-2023-41855 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41855 |
CVE-2023-41856 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41856 |
CVE-2023-41859 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41859 |
CVE-2023-44244 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44244 |
CVE-2023-44474 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44474 |
CVE-2023-44479 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44479 |
CVE-2023-44144 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44144 |
CVE-2023-44145 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44145 |
CVE-2023-44239 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44239 |
CVE-2023-44245 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44245 |
CVE-2023-44262 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44262 |
CVE-2023-44263 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44263 |
CVE-2023-3768 | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3768 |
CVE-2023-44228 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44228 |
CVE-2023-44230 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44230 |
CVE-2023-5160 | Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5160 |
CVE-2023-5106 | An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5106 |
CVE-2023-41580 | Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41580 |
CVE-2015-10124 | A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10124 |
CVE-2023-3744 | Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3744 |
CVE-2023-3769 | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3769 |
CVE-2023-3770 | Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3770 |
CVE-2023-4659 | Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4659 |
CVE-2023-0809 | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0809 |
CVE-2023-37605 | Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37605 |
CVE-2023-3592 | In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3592 |
CVE-2023-43835 | Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43835 |
CVE-2023-43890 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43890 |
CVE-2023-44463 | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44463 |
CVE-2023-5344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5344 |
CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43267 |
CVE-2023-43268 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43268 |
CVE-2023-43297 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43297 |
CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43361 |
CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43836 |
CVE-2023-44008 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44008 |
CVE-2023-44009 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44009 |
CVE-2023-43891 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43891 |
CVE-2023-43892 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43892 |
CVE-2023-43893 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43893 |
CVE-2023-44011 | An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44011 |
CVE-2023-44012 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44012 |
CVE-2023-28372 | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28372 |
CVE-2023-31042 | A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31042 |
CVE-2023-36627 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36627 |
CVE-2023-43980 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43980 |
CVE-2023-28373 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28373 |
CVE-2023-32572 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32572 |
CVE-2023-36628 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36628 |
CVE-2023-39222 | OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39222 |
CVE-2023-39429 | Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39429 |
CVE-2023-41086 | Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41086 |
CVE-2023-42771 | Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42771 |
CVE-2023-43627 | Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43627 |
CVE-2023-3335 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3335 |
CVE-2023-3440 | Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 through 10-50-*; JP1/Performance Management - Agent Option for Application Server: from 11-00 before 11-50-16; JP1/Performance Management - Agent Option for Enterprise Applications: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for HiRDB: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for IBM Lotus Domino: from 10-00 before 11-50-16; JP1/Performance Management - Agent Option for Microsoft(R) Exchange Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) Internet Information Server: from 09-00 before 12-00-14; JP1/Performance Management - Agent Option for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Agent Option for Platform: from 09-00 before 12-50-07; JP1/Performance Management - Agent Option for Service Response: from 09-00 before 11-50-16; JP1/Performance Management - Agent Option for Transaction System: from 11-00 before 12-00-14; JP1/Performance Management - Remote Monitor for Microsoft(R) SQL Server: from 09-00 before 12-50-07; JP1/Performance Management - Remote Monitor for Oracle: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Platform: from 09-00 before 12-10-08; JP1/Performance Management - Remote Monitor for Virtual Machine: from 10-00 before 12-50-07; JP1/Performance Management - Agent Option for Domino: from 09-00 through 09-00-*; JP1/Performance Management - Agent Option for IBM WebSphere Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for IBM WebSphere MQ: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for JP1/AJS3: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for OpenTP1: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Oracle WebLogic Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for uCosminexus Application Server: from 09-00 through 10-00-*; JP1/Performance Management - Agent Option for Virtual Machine: from 09-00 through 09-01-*. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3440 |
CVE-2023-3967 | Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3967 |
CVE-2023-5345 | A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5345 |
CVE-2023-26150 | Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26150 |
CVE-2023-26151 | Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26151 |
CVE-2023-26152 | All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26152 |
CVE-2023-21673 | Improper Access to the VM resource manager can lead to Memory Corruption. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21673 |
CVE-2023-22382 | Weak configuration in Automotive while VM is processing a listener request from TEE. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22382 |
CVE-2023-22384 | Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22384 |
CVE-2023-22385 | Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-22385 |
CVE-2023-24843 | Transient DOS in Modem while triggering a camping on an 5G cell. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24843 |
CVE-2023-24844 | Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24844 |
CVE-2023-24847 | Transient DOS in Modem while allocating DSM items. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24847 |
CVE-2023-24848 | Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24848 |
CVE-2023-24849 | Information Disclosure in data Modem while parsing an FMTP line in an SDP message. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24849 |
CVE-2023-24850 | Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24850 |
CVE-2023-24853 | Memory Corruption in HLOS while registering for key provisioning notify. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24853 |
CVE-2023-24855 | Memory corruption in Modem while processing security related configuration before AS Security Exchange. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24855 |
CVE-2023-28539 | Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28539 |
CVE-2023-28540 | Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28540 |
CVE-2023-28571 | Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-28571 |
CVE-2023-33026 | Transient DOS in WLAN Firmware while parsing a NAN management frame. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33026 |
CVE-2023-33027 | Transient DOS in WLAN Firmware while parsing rsn ies. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33027 |
CVE-2023-33028 | Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33028 |
CVE-2023-33029 | Memory corruption in DSP Service during a remote call from HLOS to DSP. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33029 |
CVE-2023-33034 | Memory corruption while parsing the ADSP response command. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33034 |
CVE-2023-33035 | Memory corruption while invoking callback function of AFE from ADSP. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33035 |
CVE-2023-33039 | Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33039 |
CVE-2023-3655 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows leaking the database (system settings, user accounts, ...). This vulnerability can be triggered by an HTTP endpoint exposed to the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3655 |
CVE-2023-3656 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3656 |
CVE-2023-44217 | A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44217 |
CVE-2023-44218 | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44218 |
CVE-2023-3654 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3654 |
CVE-2023-37891 | Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37891 |
CVE-2023-37991 | Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37991 |
CVE-2023-37992 | Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37992 |
CVE-2023-37996 | Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37996 |
CVE-2023-37998 | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <= 3.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37998 |
CVE-2023-38381 | Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38381 |
CVE-2022-46841 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-46841 |
CVE-2023-0828 | Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 version and prior versions on all platforms. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0828 |
CVE-2023-24518 | A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-24518 |
CVE-2023-25463 | Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25463 |
CVE-2023-37990 | Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37990 |
CVE-2023-38390 | Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38390 |
CVE-2023-38396 | Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38396 |
CVE-2023-38398 | Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38398 |
CVE-2023-4097 | The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4097 |
CVE-2022-47891 | All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47891 |
CVE-2022-47892 | All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47892 |
CVE-2022-47893 | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-47893 |
CVE-2023-25989 | Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25989 |
CVE-2023-2830 | Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2830 |
CVE-2023-39165 | Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39165 |
CVE-2023-39917 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39917 |
CVE-2023-39923 | Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39923 |
CVE-2023-39989 | Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39989 |
CVE-2023-40210 | Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40210 |
CVE-2023-4098 | It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4098 |
CVE-2023-4099 | The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4099 |
CVE-2023-4100 | Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4100 |
CVE-2023-4101 | The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4101 |
CVE-2023-4102 | QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4102 |
CVE-2023-4103 | QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4103 |
CVE-2023-5350 | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5350 |
CVE-2023-5351 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5351 |
CVE-2023-2681 | An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the "id" parameter, managing to extract arbitrary information from the database. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2681 |
CVE-2023-32669 | Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32669 |
CVE-2023-32670 | Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing to assign a persistent javascript payload that would be triggered when the associated image is loaded. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32670 |
CVE-2023-32671 | A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32671 |
CVE-2023-32790 | Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32790 |
CVE-2023-32791 | Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32791 |
CVE-2023-32792 | Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32792 |
CVE-2023-39159 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39159 |
CVE-2023-40009 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40009 |
CVE-2023-40198 | Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40198 |
CVE-2023-40199 | Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40199 |
CVE-2023-40201 | Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40201 |
CVE-2023-40202 | Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40202 |
CVE-2023-40212 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40212 |
CVE-2023-42508 | JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42508 |
CVE-2023-5353 | Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5353 |
CVE-2023-0506 | The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-0506 |
CVE-2023-27435 | Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-27435 |
CVE-2023-2544 | Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-2544 |
CVE-2023-32091 | Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32091 |
CVE-2023-39158 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39158 |
CVE-2023-3349 | Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3349 |
CVE-2023-3350 | A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3350 |
CVE-2023-40558 | Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40558 |
CVE-2023-41244 | Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41244 |
CVE-2023-41693 | Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41693 |
CVE-2023-4929 | All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4929 |
CVE-2023-4882 | DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4882 |
CVE-2023-4883 | Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4883 |
CVE-2023-4884 | An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4884 |
CVE-2023-4885 | Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4885 |
CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4886 |
CVE-2023-3196 | This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3196 |
CVE-2023-4564 | This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4564 |
CVE-2023-4817 | This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4817 |
CVE-2023-33200 | A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33200 |
CVE-2023-34970 | A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34970 |
CVE-2023-4732 | A flaw was found in the Linux Kernel's memory management subsystem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4732 |
CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4911 |
CVE-2023-5255 | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5255 |
CVE-2023-43976 | An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges by winning the race condition (TOCTOU) via the PrivilegedHelperTool component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43976 |
CVE-2023-40830 | Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40830 |
CVE-2023-33268 | An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33268 |
CVE-2023-33269 | An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33269 |
CVE-2023-33270 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33270 |
CVE-2023-33271 | An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33271 |
CVE-2023-33272 | An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33272 |
CVE-2023-33273 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33273 |
CVE-2023-39645 | Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39645 |
CVE-2023-40519 | A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40519 |
CVE-2023-43176 | A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43176 |
CVE-2023-43898 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43898 |
CVE-2023-43951 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43951 |
CVE-2023-43952 | SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43952 |
CVE-2023-43953 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43953 |
CVE-2023-44973 | An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44973 |
CVE-2023-44974 | An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44974 |
CVE-2023-39646 | Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39646 |
CVE-2023-39648 | Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39648 |
CVE-2023-39649 | Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39649 |
CVE-2023-39651 | Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39651 |
CVE-2023-39647 | Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39647 |