Security Bulletin 11 Oct 2023

Published on 11 Oct 2023

SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.

The vulnerabilities are tabulated by severity, according to their CVSSv3 base scores:


Critical: vulnerabilities with a base score of 9.0 to 10.0
High: vulnerabilities with a base score of 7.0 to 8.9
Medium: vulnerabilities with a base score of 4.0 to 6.9
Low: vulnerabilities with a base score of 0.1 to 3.9
None: vulnerabilities with a base score of 0.0

For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.

CRITICAL VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2023-2564OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. 10https://nvd.nist.gov/vuln/detail/CVE-2023-2564
CVE-2022-36648The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host via execute a malformed program in the guest OS.10https://nvd.nist.gov/vuln/detail/CVE-2022-36648
CVE-2023-41373A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 9.9https://nvd.nist.gov/vuln/detail/CVE-2023-41373
CVE-2016-6354Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read.9.8https://nvd.nist.gov/vuln/detail/CVE-2016-6354
CVE-2021-1300Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1300
CVE-2021-1301Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.9.8https://nvd.nist.gov/vuln/detail/CVE-2021-1301
CVE-2020-36062Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised.9.8https://nvd.nist.gov/vuln/detail/CVE-2020-36062
CVE-2022-29528An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29528
CVE-2022-29006Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allows attackers to bypass authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29006
CVE-2022-29007Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allows attackers to bypass authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29007
CVE-2022-29009Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allows attackers to bypass authentication.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-29009
CVE-2022-31382Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31382
CVE-2022-31383Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31383
CVE-2022-31384Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-31384
CVE-2022-41352An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-41352
CVE-2022-40944Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-40944
CVE-2022-40943Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-40943
CVE-2022-3671A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-3671
CVE-2022-44640Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC).9.8https://nvd.nist.gov/vuln/detail/CVE-2022-44640
CVE-2022-48328app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48328
CVE-2023-1283Code Injection in GitHub repository builderio/qwik prior to 0.21.0. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1283
CVE-2023-1177Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1177
CVE-2022-46387ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-46387
CVE-2023-1826A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\\admin\\system_info\\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1826
CVE-2023-1942A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1942
CVE-2023-1951A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1951
CVE-2023-1952A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1952
CVE-2023-1955A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1955
CVE-2023-1958A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-1958
CVE-2023-2658A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2658
CVE-2023-2659A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2659
CVE-2023-2660A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2660
CVE-2023-2661A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2661
CVE-2023-31857Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-31857
CVE-2023-31704Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-31704
CVE-2023-38997A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38997
CVE-2023-39001A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39001
CVE-2023-39004Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39004
CVE-2023-39008A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39008
CVE-2022-48565An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-48565
CVE-2023-39355FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39355
CVE-2023-39352FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39352
CVE-2023-40186FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40186
CVE-2023-40567FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40567
CVE-2023-40569FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. there are no known workarounds for this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40569
CVE-2023-39150ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39150
CVE-2023-42464A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-42464
CVE-2023-39453A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigger this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39453
CVE-2023-5168A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5168
CVE-2023-5176Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5176
CVE-2023-5221A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5221
CVE-2023-5222A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5222
CVE-2023-20252A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20252
CVE-2023-5215A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that doesn't treat the return value of the nbd_get_size() function correctly.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5215
CVE-2023-5053Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5053
CVE-2015-10124A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2015-10124
CVE-2023-4659Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within theapplication.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4659
CVE-2023-44008File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44008
CVE-2023-44009File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44009
CVE-2023-43891Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43891
CVE-2023-43892Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43892
CVE-2023-43893Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43893
CVE-2023-44011An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44011
CVE-2023-43980Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43980
CVE-2023-22385Memory Corruption in Data Modem while making a MO call or MT VOLTE call.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-22385
CVE-2023-24855Memory corruption in Modem while processing security related configuration before AS Security Exchange.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-24855
CVE-2023-33028Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33028
CVE-2023-3656cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3656
CVE-2023-3654cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3654
CVE-2022-47893There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-47893
CVE-2023-40830Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-40830
CVE-2023-33268An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33268
CVE-2023-33269An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33269
CVE-2023-33270An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33270
CVE-2023-33271An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33271
CVE-2023-33272An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33272
CVE-2023-33273An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).9.8https://nvd.nist.gov/vuln/detail/CVE-2023-33273
CVE-2023-39645Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39645
CVE-2023-44973An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44973
CVE-2023-44974An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44974
CVE-2023-39646Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide"(tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39646
CVE-2023-39648Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39648
CVE-2023-39649Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39649
CVE-2023-39651Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39651
CVE-2023-39647Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-39647
CVE-2023-37404IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-37404
CVE-2023-30733Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-30733
CVE-2023-2809Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-2809
CVE-2023-4491Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4491
CVE-2023-4494Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4494
CVE-2023-5373A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5373
CVE-2023-22515Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-22515
CVE-2023-5374A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241255.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5374
CVE-2022-36276TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database.9.8https://nvd.nist.gov/vuln/detail/CVE-2022-36276
CVE-2023-20101A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-20101
CVE-2023-5391A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5391
CVE-2023-5399A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a path traversal issue when using the File Command. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5399
CVE-2023-36619Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36619
CVE-2023-41094TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration. This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-41094
CVE-2023-35803IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35803
CVE-2023-32485Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-32485
CVE-2023-43981Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43981
CVE-2023-43983Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43983
CVE-2023-44024SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44024
CVE-2023-4530Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-4530
CVE-2023-38703PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-38703
CVE-2023-43058IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43058
CVE-2023-44807D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-44807
CVE-2023-5214In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. 9.8https://nvd.nist.gov/vuln/detail/CVE-2023-5214
CVE-2023-3725Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem9.8https://nvd.nist.gov/vuln/detail/CVE-2023-3725
CVE-2023-36380A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36380
CVE-2023-43625A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process.9.8https://nvd.nist.gov/vuln/detail/CVE-2023-43625
CVE-2023-35349Microsoft Message Queuing Remote Code Execution Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-35349
CVE-2023-36434Windows IIS Server Elevation of Privilege Vulnerability9.8https://nvd.nist.gov/vuln/detail/CVE-2023-36434
CVE-2023-39007/ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php.9.6https://nvd.nist.gov/vuln/detail/CVE-2023-39007
CVE-2023-39353FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-39353
CVE-2023-39356FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 9.1https://nvd.nist.gov/vuln/detail/CVE-2023-39356
CVE-2023-40181FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-40181
CVE-2023-40188FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-40188
CVE-2023-20186A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-20186
CVE-2023-5350SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-5350
CVE-2023-44208Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713.9.1https://nvd.nist.gov/vuln/detail/CVE-2023-44208
CVE-2023-2306Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records. 9.1https://nvd.nist.gov/vuln/detail/CVE-2023-2306
CVE-2023-43656matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config.9https://nvd.nist.gov/vuln/detail/CVE-2023-43656
CVE-2023-26218The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below. 9https://nvd.nist.gov/vuln/detail/CVE-2023-26218

OTHER VULNERABILITIES
CVE NumberDescriptionBase ScoreReference
CVE-2019-5638Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. 8.8https://nvd.nist.gov/vuln/detail/CVE-2019-5638
CVE-2021-1298Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1298
CVE-2021-1299Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1299
CVE-2021-1302Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-1302
CVE-2022-28992A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-28992
CVE-2022-42898PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug."8.8https://nvd.nist.gov/vuln/detail/CVE-2022-42898
CVE-2023-23492The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-23492
CVE-2023-0493Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0493
CVE-2023-1647Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1647
CVE-2023-1953A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1953
CVE-2023-1954A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1954
CVE-2023-1956A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1956
CVE-2023-1957A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1957
CVE-2023-1959A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1959
CVE-2023-1960A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-1960
CVE-2023-2242A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2242
CVE-2023-22648An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in to the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-22648
CVE-2023-32707In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32707
CVE-2023-39417In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39417
CVE-2023-4354Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4354
CVE-2023-4355Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4355
CVE-2023-38836File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38836
CVE-2020-24292Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24292
CVE-2020-24293Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24293
CVE-2020-24295Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of crafted psd file.8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24295
CVE-2021-40263A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp.8.8https://nvd.nist.gov/vuln/detail/CVE-2021-40263
CVE-2020-24165An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).8.8https://nvd.nist.gov/vuln/detail/CVE-2020-24165
CVE-2023-42331A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-42331
CVE-2023-5002A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5002
CVE-2023-35074The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-35074
CVE-2023-40044In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40044
CVE-2023-40451This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40451
CVE-2023-20231A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-20231
CVE-2023-43320An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43320
CVE-2023-5217Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5217
CVE-2023-43740Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43740
CVE-2023-5263A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5263
CVE-2023-43655Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43655
CVE-2022-35908Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-35908
CVE-2023-5207A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5207
CVE-2023-5326A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5326
CVE-2023-5328A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5328
CVE-2023-3744Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3744
CVE-2023-43835Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43835
CVE-2023-43890Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43890
CVE-2023-43268Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43268
CVE-2023-36628A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36628
CVE-2023-39222OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39222
CVE-2023-41086Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41086
CVE-2023-42771Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-42771
CVE-2023-37891Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37891
CVE-2023-37991Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37991
CVE-2023-37992Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37992
CVE-2023-37996Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37996
CVE-2023-37998Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <= 3.0.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37998
CVE-2023-38381Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38381
CVE-2022-46841Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-46841
CVE-2023-25463Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25463
CVE-2023-37990Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37990
CVE-2023-38390Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38390
CVE-2023-38396Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38396
CVE-2023-38398Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-38398
CVE-2023-4097The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4097
CVE-2022-47891All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47891
CVE-2023-2830Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2830
CVE-2023-39165Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39165
CVE-2023-39917Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39917
CVE-2023-39923Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39923
CVE-2023-39989Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39989
CVE-2023-40210Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40210
CVE-2023-4098It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4098
CVE-2023-4102QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4102
CVE-2023-4103QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4103
CVE-2023-2681An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the "id" parameter, managing to extract arbitrary information from the database.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-2681
CVE-2023-40199Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40199
CVE-2023-40201Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40201
CVE-2023-40202Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40202
CVE-2023-0506The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-0506
CVE-2023-27435Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27435
CVE-2023-32091Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-32091
CVE-2023-40558Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40558
CVE-2023-41244Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41244
CVE-2023-41693Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41693
CVE-2023-4929All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4929
CVE-2023-4817This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4817
CVE-2023-43176A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43176
CVE-2023-25489Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25489
CVE-2023-25788Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25788
CVE-2023-25980Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25980
CVE-2023-37995Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-37995
CVE-2023-3701Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non-privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-3701
CVE-2023-4997Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4997
CVE-2023-25025Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25025
CVE-2023-27433Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative plugin <= 1.3.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27433
CVE-2023-40561Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40561
CVE-2023-40559Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40559
CVE-2023-42809Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include specially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in. Version 3.22.0 contains a patch for this issue. Some post-fix advice is available. Do NOT use `Kryo5Codec` as deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. On the contrary, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended. When instantiating `SerializationCodec` please use the `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` constructor to restrict the allowed classes for deserialization.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-42809
CVE-2023-36618Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36618
CVE-2023-43321File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43321
CVE-2023-43068Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43068
CVE-2023-4401Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. 8.8https://nvd.nist.gov/vuln/detail/CVE-2023-4401
CVE-2023-5346Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)8.8https://nvd.nist.gov/vuln/detail/CVE-2023-5346
CVE-2023-43284An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-43284
CVE-2022-47175Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2022-47175
CVE-2023-25033Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25033
CVE-2023-25480Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-25480
CVE-2023-27448Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27448
CVE-2023-27615Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-27615
CVE-2023-40008Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40008
CVE-2023-40671Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <= 1.4.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40671
CVE-2023-28791Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-28791
CVE-2023-29235Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-29235
CVE-2023-40607Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-40607
CVE-2023-41650Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41650
CVE-2023-41654Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41654
CVE-2023-41732Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41732
CVE-2023-41801Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41801
CVE-2023-41950Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-41950
CVE-2023-44146Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-44146
CVE-2023-39928A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-39928
CVE-2023-44233Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-44233
CVE-2023-44243Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-44243
CVE-2023-44061File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component.8.8https://nvd.nist.gov/vuln/detail/CVE-2023-44061
CVE-2023-36414Azure Identity SDK Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36414
CVE-2023-36415Azure Identity SDK Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36415
CVE-2023-36419Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36419
CVE-2023-36577Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability8.8https://nvd.nist.gov/vuln/detail/CVE-2023-36577
CVE-2023-43746When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.8.7https://nvd.nist.gov/vuln/detail/CVE-2023-43746
CVE-2021-1273Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1273
CVE-2021-1274Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1274
CVE-2021-1279Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory.8.6https://nvd.nist.gov/vuln/detail/CVE-2021-1279
CVE-2023-4571In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-4571
CVE-2023-43662ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the Windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security Lab and is also indexed as GHSL-2023-191.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-43662
CVE-2023-3037Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter.8.6https://nvd.nist.gov/vuln/detail/CVE-2023-3037
CVE-2023-22374A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.8.5https://nvd.nist.gov/vuln/detail/CVE-2023-22374
CVE-2023-36569Microsoft Office Elevation of Privilege Vulnerability8.4https://nvd.nist.gov/vuln/detail/CVE-2023-36569
CVE-2020-13398An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c.8.3https://nvd.nist.gov/vuln/detail/CVE-2020-13398
CVE-2023-35796A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823)8.3https://nvd.nist.gov/vuln/detail/CVE-2023-35796
CVE-2023-22382Weak configuration in Automotive while VM is processing a listener request from TEE.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-22382
CVE-2023-4100Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-4100
CVE-2023-39191An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-39191
CVE-2023-5441NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960.8.2https://nvd.nist.gov/vuln/detail/CVE-2023-5441
CVE-2023-21886Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).8.1https://nvd.nist.gov/vuln/detail/CVE-2023-21886
CVE-2022-48566An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest.8.1https://nvd.nist.gov/vuln/detail/CVE-2022-48566
CVE-2023-4427Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4427
CVE-2023-41915OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41915
CVE-2023-4853A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-4853
CVE-2023-43976An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and win the race condition (TOCTOU) via the PrivilegedHelperTool component.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-43976
CVE-2023-1832An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-1832
CVE-2023-43804urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-43804
CVE-2023-42448Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be performed in the `checkClose` function of the head validator. This would allow a malicious participant to modify the contestation deadline of the head to either allow them to fanout the head without giving another participant the chance to contest, or prevent any participant from ever redistributing the funds locked in the head via a fan-out. Version 0.13.0 contains a patch for this issue.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-42448
CVE-2023-42449Hydra is the two-layer scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in a flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`. During the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants' committed funds forever or until they choose to return the PT (ransom). The malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for another participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT. Version 0.13.0 fixes this issue.8.1https://nvd.nist.gov/vuln/detail/CVE-2023-42449
CVE-2023-40537An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 8.1https://nvd.nist.gov/vuln/detail/CVE-2023-40537
CVE-2023-38166Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-38166
CVE-2023-41765Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41765
CVE-2023-41767Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41767
CVE-2023-41768Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41768
CVE-2023-41769Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41769
CVE-2023-41770Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41770
CVE-2023-41771Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41771
CVE-2023-41773Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41773
CVE-2023-41774Layer 2 Tunneling Protocol Remote Code Execution Vulnerability8.1https://nvd.nist.gov/vuln/detail/CVE-2023-41774
CVE-2023-22647An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. 8https://nvd.nist.gov/vuln/detail/CVE-2023-22647
CVE-2023-36778Microsoft Exchange Server Remote Code Execution Vulnerability8https://nvd.nist.gov/vuln/detail/CVE-2023-36778
CVE-2018-10878A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.7.8https://nvd.nist.gov/vuln/detail/CVE-2018-10878
CVE-2019-0053 | Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0053
CVE-2019-19726 | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19726
CVE-2021-1260 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1260
CVE-2021-1261 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1261
CVE-2021-1262 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1262
CVE-2021-1263 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1263
CVE-2021-21551 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21551
CVE-2022-20716 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20716
CVE-2022-24287 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP 1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP 2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24287
CVE-2018-25078 | man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25078
CVE-2023-1829 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1829
CVE-2023-3111 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3111
CVE-2023-3269 | A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3269
CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4004
CVE-2023-4128 | A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4128
CVE-2023-40303 | GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40303
CVE-2023-21235 | In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21235
CVE-2022-45703 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45703
CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4504
CVE-2023-32377 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32377
CVE-2023-32396 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32396
CVE-2023-40409 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40409
CVE-2023-41174 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41174
CVE-2023-41984 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41984
CVE-2023-41995 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41995
CVE-2023-44464 | pretix before 2023.7.2 allows Pillow to parse EPS files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44464
CVE-2023-37605 | Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37605
CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43361
CVE-2023-5345 | A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5345
CVE-2023-21673 | Improper Access to the VM resource manager can lead to Memory Corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21673
CVE-2023-22384 | Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22384
CVE-2023-24844 | Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24844
CVE-2023-24850 | Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24850
CVE-2023-24853 | Memory Corruption in HLOS while registering for key provisioning notify. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24853
CVE-2023-28539 | Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28539
CVE-2023-33029 | Memory corruption in DSP Service during a remote call from HLOS to DSP. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33029
CVE-2023-33034 | Memory corruption while parsing the ADSP response command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33034
CVE-2023-33035 | Memory corruption while invoking callback function of AFE from ADSP. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33035
CVE-2023-33039 | Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33039
CVE-2023-44217 | A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44217
CVE-2023-44218 | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44218
CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4911
CVE-2023-30692 | Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30692
CVE-2023-30738 | An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows a local attacker to execute SMM memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30738
CVE-2023-22618 | If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22618
CVE-2023-3665 | A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier, allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3665
CVE-2023-4237 | A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4237
CVE-2023-43838 | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43838
CVE-2023-42824 | The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42824
CVE-2023-44209 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44209
CVE-2023-43799 | Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43799
CVE-2023-43069 | Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43069
CVE-2023-43072 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local possibly unauthenticated attacker could potentially exploit this vulnerability, leading to ability to execute arbitrary shell commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43072
CVE-2023-36123 | Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36123
CVE-2022-30527 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30527
CVE-2023-30900 | A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30900
CVE-2023-44081 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44081
CVE-2023-44082 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44082
CVE-2023-44083 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44083
CVE-2023-44084 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44084
CVE-2023-44085 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44085
CVE-2023-44086 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44086
CVE-2023-44087 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44087
CVE-2023-45204 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45204
CVE-2023-45205 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45205
CVE-2023-45601 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45601
CVE-2023-43611 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43611
CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36417
CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36418
CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36436
CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36557
CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36593
CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36594
CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36598
CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36701
CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36702
CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36704
CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36710
CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36711
CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36712
CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36718
CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36723
CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36725
CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36726
CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36729
CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36730
CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36731
CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36732
CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36737
CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36743
CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36785
CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36790
CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41766
CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41772
CVE-2022-34821 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-34821
CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-1000338
CVE-2019-11324 | The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11324
CVE-2019-14232 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14232
CVE-2020-4031 | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4031
CVE-2021-1278 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1278
CVE-2021-1241 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1241
CVE-2020-27632 | In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27632
CVE-2022-23223 | On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23223
CVE-2022-29534 | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29534
CVE-2022-34180 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34180
CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41916
CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44758
CVE-2022-46285 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46285
CVE-2022-46663 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46663
CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45142
CVE-2023-32067 | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns it to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32067
CVE-2023-39003OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39003
CVE-2023-39005Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39005
CVE-2020-22218An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out of bounds memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-22218
CVE-2020-35342GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to cause an information leak.7.5https://nvd.nist.gov/vuln/detail/CVE-2020-35342
CVE-2023-41105An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41105
CVE-2023-32559A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually taking advantage of `process.binding('spawn_sync')` to run arbitrary code outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-32559
CVE-2021-32050Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). 7.5https://nvd.nist.gov/vuln/detail/CVE-2021-32050
CVE-2023-40589FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40589
CVE-2023-39350FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. 7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39350
CVE-2023-39351FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer, which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39351
CVE-2023-39354FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39354
CVE-2023-4540Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4540
CVE-2023-41594Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41594
CVE-2023-30995IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30995
CVE-2023-4278The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4278
CVE-2023-28831The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28831
CVE-2023-43783Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-43783
CVE-2023-5156A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5156
CVE-2023-20187A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20187
CVE-2023-20226A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20226
CVE-2023-20227A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-20227
CVE-2023-5256In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. 7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5256
CVE-2023-39410When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. 7.5https://nvd.nist.gov/vuln/detail/CVE-2023-39410
CVE-2023-5296A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5296
CVE-2023-5297A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5297
CVE-2023-44488VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44488
CVE-2023-3768Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3768
CVE-2023-5106An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5106
CVE-2023-41580Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41580
CVE-2023-3769Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3769
CVE-2023-3592In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. 7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3592
CVE-2023-5344Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5344
CVE-2023-3967Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3967
CVE-2023-26150Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. Note: This issue is a result of missing checks for services that require an active session.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26150
CVE-2023-26151Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26151
CVE-2023-26152All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-26152
CVE-2023-24843Transient DOS in Modem while triggering camping on a 5G cell.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24843
CVE-2023-24847Transient DOS in Modem while allocating DSM items.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24847
CVE-2023-24848Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24848
CVE-2023-24849Information Disclosure in data Modem while parsing an FMTP line in an SDP message.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-24849
CVE-2023-28540Cryptographic issue in Data Modem due to improper authentication during TLS handshake.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-28540
CVE-2023-33026Transient DOS in WLAN Firmware while parsing a NAN management frame.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33026
CVE-2023-33027Transient DOS in WLAN Firmware while parsing rsn ies.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-33027
CVE-2023-3655cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows the database (system settings, user accounts, ...) to be leaked. This vulnerability can be triggered by an HTTP endpoint exposed to the network.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3655
CVE-2022-47892All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-47892
CVE-2023-3349Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3349
CVE-2023-3350A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with the AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3350
CVE-2023-4882DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4882
CVE-2023-4883Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4883
CVE-2023-4884An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-4884
CVE-2023-5255For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-5255
CVE-2022-22447IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-22447
CVE-2023-30727Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-30727
CVE-2023-1584A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-1584
CVE-2023-3512Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3512
CVE-2023-3038SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3038
CVE-2023-3361A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-3361
CVE-2023-43809Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification, for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To work around this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-43809
CVE-2023-44828D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44828
CVE-2023-44829D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44829
CVE-2023-44830D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44830
CVE-2023-44831D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44831
CVE-2023-44832D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44832
CVE-2023-44833D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44833
CVE-2023-44834D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44834
CVE-2023-44835D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44835
CVE-2023-44836D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44836
CVE-2023-44837D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44837
CVE-2023-44838D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44838
CVE-2023-44839D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-44839
CVE-2022-33160IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568.7.5https://nvd.nist.gov/vuln/detail/CVE-2022-33160
CVE-2023-42796A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-42796
CVE-2023-40534When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40534
CVE-2023-40542When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.5https://nvd.nist.gov/vuln/detail/CVE-2023-40542
CVE-2023-41085When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 7.5https://nvd.nist.gov/vuln/detail/CVE-2023-41085
CVE-2023-36431Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36431
CVE-2023-36435Microsoft QUIC Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36435
CVE-2023-36438Windows TCP/IP Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36438
CVE-2023-36567Windows Deployment Services Information Disclosure Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36567
CVE-2023-36579Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36579
CVE-2023-36581Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36581
CVE-2023-36585Active Template Library Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36585
CVE-2023-36602Windows TCP/IP Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36602
CVE-2023-36603Windows TCP/IP Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36603
CVE-2023-36606Microsoft Message Queuing Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36606
CVE-2023-36703DHCP Server Service Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36703
CVE-2023-36709Microsoft AllJoyn API Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36709
CVE-2023-36720Windows Mixed Reality Developer Tools Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-36720
CVE-2023-38171Microsoft QUIC Denial of Service Vulnerability7.5https://nvd.nist.gov/vuln/detail/CVE-2023-38171
CVE-2023-4586A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack.7.4https://nvd.nist.gov/vuln/detail/CVE-2023-4586
CVE-2023-45226The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.7.4https://nvd.nist.gov/vuln/detail/CVE-2023-45226
CVE-2023-36605Windows Named Pipe Filesystem Elevation of Privilege Vulnerability7.4https://nvd.nist.gov/vuln/detail/CVE-2023-36605
CVE-2015-8955arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.7.3https://nvd.nist.gov/vuln/detail/CVE-2015-8955
CVE-2022-25311A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation.7.3https://nvd.nist.gov/vuln/detail/CVE-2022-25311
CVE-2023-5450An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 7.3https://nvd.nist.gov/vuln/detail/CVE-2023-5450
CVE-2023-36420Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36420
CVE-2023-36561Azure DevOps Server Elevation of Privilege Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36561
CVE-2023-36570Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36570
CVE-2023-36571Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36571
CVE-2023-36572Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36572
CVE-2023-36573Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36573
CVE-2023-36574Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36574
CVE-2023-36575Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36575
CVE-2023-36578Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36578
CVE-2023-36582Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36582
CVE-2023-36583Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36583
CVE-2023-36589Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36589
CVE-2023-36590Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36590
CVE-2023-36591Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36591
CVE-2023-36592Microsoft Message Queuing Remote Code Execution Vulnerability7.3https://nvd.nist.gov/vuln/detail/CVE-2023-36592
CVE-2022-24282 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows uploading JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24282
CVE-2023-1985 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1985
CVE-2023-1986 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1986
CVE-2023-1987 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1987
CVE-2023-39362 | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept some variables as input and place them into an `exec` call without proper escaping or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39362
CVE-2023-32972 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-32972
CVE-2023-42768 | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still have access to iControl REST admin resources. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-42768
CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36780
CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36786
CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36789
CVE-2020-13396 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13396
CVE-2022-0850 | A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0850
CVE-2022-3202 | A NULL pointer dereference flaw exists in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3202
CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41858
CVE-2023-24518 | A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24518
CVE-2023-5369 | Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5369
CVE-2023-5377 | Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5377
CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client and therefore access data that belongs to other clients. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2422
CVE-2023-44211 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44211
CVE-2023-44212 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44212
CVE-2019-11486 | The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-11486
CVE-2020-25668 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-25668
CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4083
CVE-2021-3640 | A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3640
CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36565
CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36568
CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36721
CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36776
CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36902
CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38159
CVE-2020-11039 | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11039
CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36697
CVE-2020-27777 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-27777
CVE-2021-28972 | In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-28972
CVE-2023-37194 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-37194
CVE-2023-20109 | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details section of this advisory. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20109
CVE-2023-38640 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38640
CVE-2020-11017 | In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11017
CVE-2020-11018 | In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11018
CVE-2020-11019 | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11019
CVE-2020-11096 | In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11096
CVE-2020-11098 | In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11098
CVE-2020-11099 | In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11099
CVE-2020-4030 | In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4030
CVE-2020-4033 | In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4033
CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-26137
CVE-2021-1304 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1304
CVE-2022-25187 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25187
CVE-2022-27211 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27211
CVE-2022-46144 | A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quit the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface unresponsive. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46144
CVE-2022-3437 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3437
CVE-2023-22283 | On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22283
CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2307
CVE-2023-26782 | An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26782
CVE-2023-31147 | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31147
CVE-2023-3932 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3932
CVE-2023-3180 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3180
CVE-2023-38999 | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38999
CVE-2020-19185 | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19185
CVE-2020-19186 | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19186
CVE-2020-19187 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19187
CVE-2020-19188 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19188
CVE-2020-19189 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19189
CVE-2020-19190 | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19190
CVE-2021-40266 | FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer dereference. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40266
CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4527
CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5169
CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5171
CVE-2023-20202 | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20202
CVE-2023-42822 | xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42822
CVE-2023-3024 | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3024
CVE-2023-5324 | A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5324
CVE-2023-5327 | A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5327
CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43836
CVE-2023-4099 | The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4099
CVE-2023-4101 | The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4101
CVE-2023-32791 | Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32791
CVE-2023-32792 | Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32792
CVE-2023-39159 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39159
CVE-2023-40009 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40009
CVE-2023-40198 | Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40198
CVE-2023-40212 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40212
CVE-2023-42508 | JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42508
CVE-2023-5353 | Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5353
CVE-2023-2544 | Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2544
CVE-2023-39158 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39158
CVE-2023-5368 | On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5368
CVE-2023-40376 | IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40376
CVE-2023-5371 | RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5371
CVE-2023-43793 | Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43793
CVE-2023-43070 | Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43070
CVE-2023-43073 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43073
| CVE-2023-40745 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40745 |
| CVE-2023-41175 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41175 |
| CVE-2023-23365 | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23365 |
| CVE-2023-23366 | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23366 |
| CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29348 |
| CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36429 |
| CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36433 |
| CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36563 |
| CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36564 |
| CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36566 |
| CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36596 |
| CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36706 |
| CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36707 |
| CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36717 |
| CVE-2023-31130 | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31130 |
| CVE-2023-5467 | The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5467 |
| CVE-2023-5468 | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5468 |
| CVE-2023-4380 | A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4380 |
| CVE-2019-11236 | In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11236 |
| CVE-2020-6215 | SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6215 |
| CVE-2022-25321 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25321 |
| CVE-2023-0028 | Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0028 |
| CVE-2023-0748 | Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0748 |
| CVE-2023-28439 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28439 |
| CVE-2023-1857 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1857 |
| CVE-2023-1961 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1961 |
| CVE-2023-2657 | A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2657 |
| CVE-2023-34666 | Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34666 |
| CVE-2023-38998 | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38998 |
| CVE-2023-39000 | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39000 |
| CVE-2023-39002 | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39002 |
| CVE-2023-5084 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5084 |
| CVE-2023-44043 | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44043 |
| CVE-2023-41856 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41856 |
| CVE-2023-44244 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44244 |
| CVE-2023-44474 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44474 |
| CVE-2023-44144 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44144 |
| CVE-2023-44245 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44245 |
| CVE-2023-44012 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44012 |
| CVE-2023-0828 | Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0828 |
| CVE-2023-32790 | Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32790 |
| CVE-2023-40519 | A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40519 |
| CVE-2023-5375 | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5375 |
| CVE-2023-4090 | Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/JavaScript code into the response. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4090 |
| CVE-2023-4492 | Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4492 |
| CVE-2023-4495 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4495 |
| CVE-2023-4496 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4496 |
| CVE-2023-4497 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4497 |
| CVE-2022-36277 | The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36277 |
| CVE-2023-27121 | A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27121 |
| CVE-2023-42808 | Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42808 |
| CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36416 |
| CVE-2023-0330 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-0330 |
| CVE-2020-11042 | In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-11042 |
| CVE-2020-11047 | In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-11047 |
| CVE-2023-32570 | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32570 |
| CVE-2023-4813 | A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4813 |
| CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4806 |
| CVE-2023-4885 | Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4885 |
| CVE-2022-4132 | A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-4132 |
| CVE-2023-5257 | A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-5257 |
| CVE-2023-43627 | Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-43627 |
| CVE-2023-38537 | A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38537 |
| CVE-2019-6293 | An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-6293 |
| CVE-2020-13397 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13397 |
| CVE-2020-11089 | In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11089 |
| CVE-2023-21898 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21898 |
| CVE-2023-21899 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21899 |
| CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20588 |
| CVE-2022-35205 | An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35205 |
| CVE-2022-48063 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48063 |
| CVE-2022-48064 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48064 |
| CVE-2022-48065 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48065 |
| CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43782 |
| CVE-2023-23495 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23495 |
| CVE-2023-32361 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32361 |
| CVE-2023-32421 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32421 |
| CVE-2023-41078 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41078 |
| CVE-2023-41079 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41079 |
| CVE-2023-41232 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41232 |
| CVE-2023-41968 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41968 |
| CVE-2023-41980 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41980 |
| CVE-2023-41986 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41986 |
| CVE-2023-41996 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41996 |
| CVE-2023-4211 | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4211 |
| CVE-2023-3335 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3335 |
| CVE-2023-28571 | Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28571 |
| CVE-2023-43898 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43898 |
| CVE-2023-30734 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30734 |
| CVE-2023-30737 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30737 |
| CVE-2023-5370 | On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5370 |
| CVE-2023-4037 | Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4037 |
| CVE-2023-3428 | A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3428 |
| CVE-2023-3576 | A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3576 |
| CVE-2023-44210 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44210 |
| CVE-2023-44213 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44213 |
| CVE-2023-44214 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44214 |
| CVE-2023-45240 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45240 |
| CVE-2023-45241 | Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45241 |
| CVE-2023-45242 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45242 |
| CVE-2023-45243 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45243 |
| CVE-2023-45245 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45245 |
| CVE-2022-34355 | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34355 |
| CVE-2023-41253 | When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41253 |
| CVE-2023-43485 | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43485 |
| CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36576 |
| CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36713 |
| CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36724 |
| CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36728 |
CVE-2019-14870All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set.5.4https://nvd.nist.gov/vuln/detail/CVE-2019-14870
| CVE-2020-11038 | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11038 |
| CVE-2020-11086 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11086 |
| CVE-2020-11087 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11087 |
| CVE-2020-11088 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11088 |
| CVE-2020-11095 | In FreeRDP before version 2.1.2, an out-of-bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11095 |
| CVE-2020-11097 | In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11097 |
| CVE-2022-29529 | An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29529 |
| CVE-2022-29530 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29530 |
| CVE-2022-29531 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29531 |
| CVE-2023-0747 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0747 |
| CVE-2023-0879 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0879 |
| CVE-2023-39006 | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39006 |
| CVE-2023-40577 | Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40577 |
| CVE-2023-20179 | A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20179 |
| CVE-2023-43871 | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43871 |
| CVE-2023-43702 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43702 |
| CVE-2023-43703 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43703 |
| CVE-2023-43704 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43704 |
| CVE-2023-43705 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43705 |
| CVE-2023-43706 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43706 |
| CVE-2023-43707 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43707 |
| CVE-2023-43708 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43708 |
| CVE-2023-43709 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43709 |
| CVE-2023-43710 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43710 |
| CVE-2023-43711 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43711 |
| CVE-2023-43712 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43712 |
| CVE-2023-43713 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43713 |
| CVE-2023-43714 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43714 |
| CVE-2023-43715 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43715 |
| CVE-2023-43716 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43716 |
| CVE-2023-43717 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43717 |
| CVE-2023-43718 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43718 |
| CVE-2023-43719 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43719 |
| CVE-2023-43720 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43720 |
| CVE-2023-43721 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43721 |
| CVE-2023-43722 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43722 |
| CVE-2023-43723 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43723 |
| CVE-2023-43724 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43724 |
| CVE-2023-43725 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43725 |
| CVE-2023-43726 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43726 |
| CVE-2023-43727 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43727 |
| CVE-2023-43728 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43728 |
| CVE-2023-43729 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43729 |
| CVE-2023-43730 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43730 |
| CVE-2023-43731 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43731 |
| CVE-2023-43732 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43732 |
| CVE-2023-43733 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43733 |
| CVE-2023-43734 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43734 |
| CVE-2023-43735 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43735 |
| CVE-2023-5111 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5111 |
| CVE-2023-5112 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5112 |
| CVE-2023-41847 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41847 |
| CVE-2023-44145 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44145 |
| CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43267 |
| CVE-2023-43297 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43297 |
| CVE-2023-39429 | Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39429 |
| CVE-2023-5334 | The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5334 |
| CVE-2023-5351 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5351 |
| CVE-2023-32669 | Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32669 |
| CVE-2023-32670 | Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing the attacker to assign a persistent JavaScript payload that would be triggered when the associated image is loaded. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32670 |
| CVE-2023-43951 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43951 |
| CVE-2023-43952 | SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43952 |
| CVE-2023-43953 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43953 |
| CVE-2023-35905 | IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-35905 |
| CVE-2023-5291 | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5291 |
| CVE-2023-5357 | The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5357 |
| CVE-2023-30736 | Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows an attacker to execute the JavaScript interface. To trigger this vulnerability, user interaction is required. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30736 |
| CVE-2023-44272 | A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44272 |
| CVE-2023-4493 | Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4493 |
| CVE-2023-40684 | IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40684 |
| CVE-2023-3971 | An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3971 |
| CVE-2023-44075 | Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44075 |
| CVE-2023-43071 | Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43071 |
| CVE-2023-43343 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43343 |
| CVE-2023-44761 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44761 |
| CVE-2023-44762 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44762 |
| CVE-2023-44764 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44764 |
| CVE-2023-44765 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44765 |
| CVE-2023-44766 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44766 |
| CVE-2023-44770 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44770 |
| CVE-2023-44771 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44771 |
| CVE-2023-5452 | Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5452 |
| CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36584 |
| CVE-2019-5640 | Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-5640 |
| CVE-2022-25319 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25319 |
| CVE-2022-39046 | An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39046 |
| CVE-2023-24594 | When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24594 |
| CVE-2023-32675 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32675 |
| CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40217 |
| CVE-2023-44216 | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44216 |
| CVE-2023-20251 | A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20251 |
| CVE-2023-44270 | An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44270 |
| CVE-2023-0809 | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0809 |
| CVE-2023-44463 | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44463 |
| CVE-2023-3213 | The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3213 |
| CVE-2023-3153 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3153 |
| CVE-2022-43906 | IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43906 |
| CVE-2023-4469 | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4469 |
| CVE-2023-43623 | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43623 |
| CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41763 |
| CVE-2023-38538 | A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38538 |
| CVE-2023-32572 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32572 |
| CVE-2022-29532 | An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29532 |
| CVE-2022-0598 | The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0598 |
| CVE-2023-1988 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1988 |
| CVE-2023-41800 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41800 |
| CVE-2023-41855 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41855 |
| CVE-2023-41859 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41859 |
| CVE-2023-44479 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44479 |
| CVE-2023-44239 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44239 |
| CVE-2023-44262 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44262 |
| CVE-2023-44263 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44263 |
| CVE-2023-44228 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44228 |
| CVE-2023-44230 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44230 |
| CVE-2023-3196 | This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3196 |
| CVE-2023-4564 | This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4564 |
CVE-2023-44389Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-44389
CVE-2023-43877Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu.4.8https://nvd.nist.gov/vuln/detail/CVE-2023-43877
CVE-2023-41979A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-41979
CVE-2023-20268A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-20268
CVE-2023-42756A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-42756
CVE-2023-33200A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. 4.7https://nvd.nist.gov/vuln/detail/CVE-2023-33200
CVE-2023-34970A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory 4.7https://nvd.nist.gov/vuln/detail/CVE-2023-34970
CVE-2023-4732A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-4732
CVE-2023-44315A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users.4.7https://nvd.nist.gov/vuln/detail/CVE-2023-44315
CVE-2023-30731Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.4.6https://nvd.nist.gov/vuln/detail/CVE-2023-30731
CVE-2021-1233A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device.4.4https://nvd.nist.gov/vuln/detail/CVE-2021-1233
CVE-2023-21884Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).4.4https://nvd.nist.gov/vuln/detail/CVE-2023-21884
CVE-2023-41981The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-41981
CVE-2023-4886A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-4886
CVE-2023-37195A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again.4.4https://nvd.nist.gov/vuln/detail/CVE-2023-37195
CVE-2023-39447When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 4.4https://nvd.nist.gov/vuln/detail/CVE-2023-39447
CVE-2023-45219Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. 4.4https://nvd.nist.gov/vuln/detail/CVE-2023-45219
CVE-2023-36722Active Directory Domain Services Information Disclosure Vulnerability4.4https://nvd.nist.gov/vuln/detail/CVE-2023-36722
CVE-2020-4032In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2.4.3https://nvd.nist.gov/vuln/detail/CVE-2020-4032
CVE-2022-41230Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers.4.3https://nvd.nist.gov/vuln/detail/CVE-2022-41230
CVE-2023-28406A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-28406
CVE-2023-30534Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. 4.3https://nvd.nist.gov/vuln/detail/CVE-2023-30534
CVE-2023-35984The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-35984
CVE-2023-42453Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-42453
CVE-2023-44469A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-44469
CVE-2023-5160Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled 4.3https://nvd.nist.gov/vuln/detail/CVE-2023-5160
CVE-2023-3770Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. 4.3https://nvd.nist.gov/vuln/detail/CVE-2023-3770
CVE-2023-31042A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. 4.3https://nvd.nist.gov/vuln/detail/CVE-2023-31042
CVE-2023-41964The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.4.3https://nvd.nist.gov/vuln/detail/CVE-2023-41964
CVE-2023-21885Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).3.8https://nvd.nist.gov/vuln/detail/CVE-2023-21885
CVE-2023-21889Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).3.8https://nvd.nist.gov/vuln/detail/CVE-2023-21889
CVE-2023-31124c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. 3.7https://nvd.nist.gov/vuln/detail/CVE-2023-31124
CVE-2023-41335Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue.3.7https://nvd.nist.gov/vuln/detail/CVE-2023-41335
CVE-2023-36698Windows Kernel Security Feature Bypass Vulnerability3.6https://nvd.nist.gov/vuln/detail/CVE-2023-36698
CVE-2020-11085In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0.3.5https://nvd.nist.gov/vuln/detail/CVE-2020-11085
CVE-2020-15103In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto3.5https://nvd.nist.gov/vuln/detail/CVE-2020-15103
CVE-2023-0919Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. 3.5https://nvd.nist.gov/vuln/detail/CVE-2023-0919
CVE-2020-11045In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour.3.3https://nvd.nist.gov/vuln/detail/CVE-2020-11045
CVE-2023-29497A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-29497
CVE-2023-30732Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-30732
CVE-2023-30735Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.3.3https://nvd.nist.gov/vuln/detail/CVE-2023-30735
CVE-2020-11041In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0.2.7https://nvd.nist.gov/vuln/detail/CVE-2020-11041
CVE-2020-11040In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0.2.7https://nvd.nist.gov/vuln/detail/CVE-2020-11040
CVE-2020-11043In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0.2.7https://nvd.nist.gov/vuln/detail/CVE-2020-11043
CVE-2022-35919MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies.2.7https://nvd.nist.gov/vuln/detail/CVE-2022-35919
CVE-2023-28372A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. 2.7https://nvd.nist.gov/vuln/detail/CVE-2023-28372
CVE-2023-36627A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. 2.7https://nvd.nist.gov/vuln/detail/CVE-2023-36627
CVE-2023-28373A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. 2.7https://nvd.nist.gov/vuln/detail/CVE-2023-28373
CVE-2020-11044In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11044
CVE-2020-11046In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11046
CVE-2020-11048In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11048
CVE-2020-11049In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11049
CVE-2020-11058In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0.2.2https://nvd.nist.gov/vuln/detail/CVE-2020-11058
CVE-2006-0459flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2006-0459
CVE-2013-1860Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device.https://nvd.nist.gov/vuln/detail/CVE-2013-1860
CVE-2015-8104The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.https://nvd.nist.gov/vuln/detail/CVE-2015-8104
CVE-2023-30690Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.https://nvd.nist.gov/vuln/detail/CVE-2023-30690
CVE-2023-43261An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components.https://nvd.nist.gov/vuln/detail/CVE-2023-43261
CVE-2023-5113Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI.https://nvd.nist.gov/vuln/detail/CVE-2023-5113
CVE-2021-3784Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.https://nvd.nist.gov/vuln/detail/CVE-2021-3784
CVE-2023-20235A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems.https://nvd.nist.gov/vuln/detail/CVE-2023-20235
CVE-2023-20259A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention.https://nvd.nist.gov/vuln/detail/CVE-2023-20259
CVE-2023-5402A CWE-269: Improper Privilege Management vulnerability exists that could cause a local privilege escalation when the transfer command is used.https://nvd.nist.gov/vuln/detail/CVE-2023-5402
CVE-2023-38701Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user which committed the funds and can only be performed by a participant of the head. The `initial` validator also is similarly affected as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that users try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-38701
CVE-2023-43805Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF.https://nvd.nist.gov/vuln/detail/CVE-2023-43805
CVE-2023-40299Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable.https://nvd.nist.gov/vuln/detail/CVE-2023-40299
CVE-2023-26236An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe.https://nvd.nist.gov/vuln/detail/CVE-2023-26236
CVE-2023-26237An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM.https://nvd.nist.gov/vuln/detail/CVE-2023-26237
CVE-2023-26238An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe.https://nvd.nist.gov/vuln/detail/CVE-2023-26238
CVE-2023-26239An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user.https://nvd.nist.gov/vuln/detail/CVE-2023-26239
CVE-2023-45198ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable.https://nvd.nist.gov/vuln/detail/CVE-2023-45198
CVE-2023-451591E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix, Q23092, is available that forces the 1E Client to check for a symbolic link or junction and, if it finds one, refuses to use that path and instead creates a path involving a random GUID. https://nvd.nist.gov/vuln/detail/CVE-2023-45159
CVE-2022-4145A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation.https://nvd.nist.gov/vuln/detail/CVE-2022-4145
CVE-2022-3248A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied.https://nvd.nist.gov/vuln/detail/CVE-2022-3248
CVE-2023-44390HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version).https://nvd.nist.gov/vuln/detail/CVE-2023-44390
CVE-2023-45160In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094, as the 1E Client's temporary directory is now locked down. https://nvd.nist.gov/vuln/detail/CVE-2023-45160
CVE-2023-4570An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. https://nvd.nist.gov/vuln/detail/CVE-2023-4570
CVE-2023-44386Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2.https://nvd.nist.gov/vuln/detail/CVE-2023-44386
CVE-2023-44387Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too many permissions, given that symlinks are usually world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file.https://nvd.nist.gov/vuln/detail/CVE-2023-44387
CVE-2023-5423A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384.https://nvd.nist.gov/vuln/detail/CVE-2023-5423
CVE-2023-42754A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system.https://nvd.nist.gov/vuln/detail/CVE-2023-42754
CVE-2023-42755A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-42755
CVE-2023-43260Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel.https://nvd.nist.gov/vuln/detail/CVE-2023-43260
CVE-2023-40920Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts().https://nvd.nist.gov/vuln/detail/CVE-2023-40920
CVE-2023-39323Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex.https://nvd.nist.gov/vuln/detail/CVE-2023-39323
CVE-2023-43269pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2023-43269
CVE-2015-10125A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2015-10125
CVE-2023-26153Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system.https://nvd.nist.gov/vuln/detail/CVE-2023-26153
CVE-2023-40556Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-40556
CVE-2015-10126A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability.https://nvd.nist.gov/vuln/detail/CVE-2015-10126
CVE-2023-45244Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895.https://nvd.nist.gov/vuln/detail/CVE-2023-45244
CVE-2023-44758GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title.https://nvd.nist.gov/vuln/detail/CVE-2023-44758
CVE-2023-45246Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343.https://nvd.nist.gov/vuln/detail/CVE-2023-45246
CVE-2023-36465Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4.https://nvd.nist.gov/vuln/detail/CVE-2023-36465
CVE-2023-35897IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246.https://nvd.nist.gov/vuln/detail/CVE-2023-35897
CVE-2023-42445Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files that it generated or that were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. https://nvd.nist.gov/vuln/detail/CVE-2023-42445
CVE-2023-43810OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. To be affected, a program has to be instrumented for HTTP handlers and not filter any unknown HTTP methods at the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0.https://nvd.nist.gov/vuln/detail/CVE-2023-43810
CVE-2023-41659Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41659
CVE-2023-23370An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later https://nvd.nist.gov/vuln/detail/CVE-2023-23370
CVE-2023-23371A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later https://nvd.nist.gov/vuln/detail/CVE-2023-23371
CVE-2023-32971A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later https://nvd.nist.gov/vuln/detail/CVE-2023-32971
CVE-2023-44384Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application.https://nvd.nist.gov/vuln/detail/CVE-2023-44384
CVE-2023-45239A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server.https://nvd.nist.gov/vuln/detail/CVE-2023-45239
CVE-2023-5366A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses.https://nvd.nist.gov/vuln/detail/CVE-2023-5366
CVE-2023-21244In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.https://nvd.nist.gov/vuln/detail/CVE-2023-21244
CVE-2023-21252In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.https://nvd.nist.gov/vuln/detail/CVE-2023-21252
CVE-2023-21253In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.https://nvd.nist.gov/vuln/detail/CVE-2023-21253
CVE-2023-21266In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.https://nvd.nist.gov/vuln/detail/CVE-2023-21266
CVE-2023-21291In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.https://nvd.nist.gov/vuln/detail/CVE-2023-21291
CVE-2023-45282In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action.https://nvd.nist.gov/vuln/detail/CVE-2023-45282
CVE-2023-45303ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint).https://nvd.nist.gov/vuln/detail/CVE-2023-45303
CVE-2023-45311fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary.https://nvd.nist.gov/vuln/detail/CVE-2023-45311
CVE-2023-44860An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request.https://nvd.nist.gov/vuln/detail/CVE-2023-44860
CVE-2023-5182Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege.https://nvd.nist.gov/vuln/detail/CVE-2023-5182
CVE-2023-43615Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.https://nvd.nist.gov/vuln/detail/CVE-2023-43615
CVE-2023-45199Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.https://nvd.nist.gov/vuln/detail/CVE-2023-45199
CVE-2023-40631In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40631
CVE-2023-40632In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40632
CVE-2023-40633In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40633
CVE-2023-40634In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40634
CVE-2023-40635In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40635
CVE-2023-40636In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40636
CVE-2023-40637In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-40637
CVE-2023-40638In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40638
CVE-2023-40639In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-40639
CVE-2023-40640In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privilegeshttps://nvd.nist.gov/vuln/detail/CVE-2023-40640
CVE-2023-40641In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40641
CVE-2023-40642In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40642
CVE-2023-40643In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40643
CVE-2023-40644In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40644
CVE-2023-40645In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40645
CVE-2023-40646In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40646
CVE-2023-40647In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40647
CVE-2023-40648In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40648
CVE-2023-40649In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40649
CVE-2023-40650In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40650
CVE-2023-40651In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40651
CVE-2023-40652In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40652
CVE-2023-40653In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40653
CVE-2023-40654In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges neededhttps://nvd.nist.gov/vuln/detail/CVE-2023-40654
CVE-2023-45349Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722.https://nvd.nist.gov/vuln/detail/CVE-2023-45349
CVE-2023-45350Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034.https://nvd.nist.gov/vuln/detail/CVE-2023-45350
CVE-2023-45351Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039.https://nvd.nist.gov/vuln/detail/CVE-2023-45351
CVE-2023-45352Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592.https://nvd.nist.gov/vuln/detail/CVE-2023-45352
CVE-2023-45353Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591.https://nvd.nist.gov/vuln/detail/CVE-2023-45353
CVE-2023-45354Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589.https://nvd.nist.gov/vuln/detail/CVE-2023-45354
CVE-2023-45355Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120.https://nvd.nist.gov/vuln/detail/CVE-2023-45355
CVE-2023-45356Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719.https://nvd.nist.gov/vuln/detail/CVE-2023-45356
CVE-2023-45363An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set.https://nvd.nist.gov/vuln/detail/CVE-2023-45363
CVE-2023-45364An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.https://nvd.nist.gov/vuln/detail/CVE-2023-45364
CVE-2023-45367An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-45367
CVE-2023-45369An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed.https://nvd.nist.gov/vuln/detail/CVE-2023-45369
CVE-2023-45370An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams.https://nvd.nist.gov/vuln/detail/CVE-2023-45370
CVE-2023-45371An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items.https://nvd.nist.gov/vuln/detail/CVE-2023-45371
CVE-2023-45372An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter).https://nvd.nist.gov/vuln/detail/CVE-2023-45372
CVE-2023-45373An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators.https://nvd.nist.gov/vuln/detail/CVE-2023-45373
CVE-2023-45374An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams.https://nvd.nist.gov/vuln/detail/CVE-2023-45374
CVE-2023-39854The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF.https://nvd.nist.gov/vuln/detail/CVE-2023-39854
CVE-2023-3589A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server.https://nvd.nist.gov/vuln/detail/CVE-2023-3589
CVE-2023-44231Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44231
CVE-2023-44232Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44232
CVE-2023-44260Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44260
CVE-2023-44236Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44236
CVE-2023-44237Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44237
CVE-2023-44238Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44238
CVE-2023-44246Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44246
CVE-2023-44240Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44240
CVE-2023-44473Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44473
CVE-2023-44993Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44993
CVE-2023-45612In JetBrains Ktor before 2.3.5 default configuration of ContentNegotiation with XML format was vulnerable to XXEhttps://nvd.nist.gov/vuln/detail/CVE-2023-45612
CVE-2023-45613In JetBrains Ktor before 2.3.5 server certificates were not verifiedhttps://nvd.nist.gov/vuln/detail/CVE-2023-45613
CVE-2023-5330Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data allowing an attacker to send a specially crafted request to the /api/v4/opengraph filling the cache and making the server unavailable. https://nvd.nist.gov/vuln/detail/CVE-2023-5330
CVE-2023-5331Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. https://nvd.nist.gov/vuln/detail/CVE-2023-5331
CVE-2023-5333Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. https://nvd.nist.gov/vuln/detail/CVE-2023-5333
CVE-2023-43696Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. https://nvd.nist.gov/vuln/detail/CVE-2023-43696
CVE-2023-43699Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. https://nvd.nist.gov/vuln/detail/CVE-2023-43699
CVE-2023-43700Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication. https://nvd.nist.gov/vuln/detail/CVE-2023-43700
CVE-2023-45247Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497.https://nvd.nist.gov/vuln/detail/CVE-2023-45247
CVE-2023-45248Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497.https://nvd.nist.gov/vuln/detail/CVE-2023-45248
CVE-2023-43697Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2023-43697
CVE-2023-43698Improper Neutralization of Input During Web Page Generation (’Cross-site Scripting’) in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website. https://nvd.nist.gov/vuln/detail/CVE-2023-43698
CVE-2023-5100Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. https://nvd.nist.gov/vuln/detail/CVE-2023-5100
CVE-2023-5101Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2023-5101
CVE-2023-5102Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2023-5102
CVE-2023-5103Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. https://nvd.nist.gov/vuln/detail/CVE-2023-5103
CVE-2022-35950OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue. https://nvd.nist.gov/vuln/detail/CVE-2022-35950
CVE-2023-25822ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops except for small launches with approximately 1 test inside when the test_item.path field exceeds the allowable `ltree` field type indexing limit (path length>=120, approximately recursive nesting of the nested steps). Running REINDEX INDEX on path_gist_idx and path_idx does not help. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements was programmatically limited. A workaround is available. After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly.https://nvd.nist.gov/vuln/detail/CVE-2023-25822
CVE-2023-36820Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token auth is not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1. https://nvd.nist.gov/vuln/detail/CVE-2023-36820
CVE-2023-41660Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41660
CVE-2023-43643AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later.https://nvd.nist.gov/vuln/detail/CVE-2023-43643
CVE-2023-44378gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decompositions to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods.https://nvd.nist.gov/vuln/detail/CVE-2023-44378
CVE-2023-44393Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the URL into the HTML page. An attacker can exploit this vulnerability by crafting a malicious URL that contains a specially crafted `plugin_id` value. When a victim who is logged in as an administrator visits this URL, the malicious code will be injected into the HTML page and executed. This vulnerability can be exploited by any attacker who has access to a malicious URL. However, only users who are logged in as administrators are affected. This is because the vulnerability is only present on the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page, which is only accessible to administrators. Version 14.0.0.beta4 contains a patch for this issue.https://nvd.nist.gov/vuln/detail/CVE-2023-44393
CVE-2023-30910HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. https://nvd.nist.gov/vuln/detail/CVE-2023-30910
CVE-2023-41047OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties.https://nvd.nist.gov/vuln/detail/CVE-2023-41047
CVE-2023-44400Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue.https://nvd.nist.gov/vuln/detail/CVE-2023-44400
CVE-2023-5365HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2023-5365
CVE-2023-42455Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a user logged in to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds.https://nvd.nist.gov/vuln/detail/CVE-2023-42455
CVE-2023-39189A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2023-39189
CVE-2023-39192A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2023-39192
CVE-2023-39193A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2023-39193
CVE-2023-39194A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure.https://nvd.nist.gov/vuln/detail/CVE-2023-39194
CVE-2023-41667Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41667
CVE-2023-41668Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41668
CVE-2022-3431A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.https://nvd.nist.gov/vuln/detail/CVE-2022-3431
CVE-2023-41669Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41669
CVE-2023-41670Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41670
CVE-2023-41672Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41672
CVE-2023-5459A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5459
CVE-2023-5460A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5460
CVE-2023-44392Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run`, objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the user's machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available.https://nvd.nist.gov/vuln/detail/CVE-2023-44392
CVE-2023-44467langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method.https://nvd.nist.gov/vuln/detail/CVE-2023-44467
CVE-2023-44811Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function.https://nvd.nist.gov/vuln/detail/CVE-2023-44811
CVE-2023-5461A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5461
CVE-2022-36228Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app.https://nvd.nist.gov/vuln/detail/CVE-2022-36228
CVE-2022-3728A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. https://nvd.nist.gov/vuln/detail/CVE-2022-3728
CVE-2022-48182A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. https://nvd.nist.gov/vuln/detail/CVE-2022-48182
CVE-2022-48183A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. https://nvd.nist.gov/vuln/detail/CVE-2022-48183
CVE-2023-43271Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols.https://nvd.nist.gov/vuln/detail/CVE-2023-43271
CVE-2023-44812Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function.https://nvd.nist.gov/vuln/detail/CVE-2023-44812
CVE-2023-44813Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function.https://nvd.nist.gov/vuln/detail/CVE-2023-44813
CVE-2023-43641libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution.https://nvd.nist.gov/vuln/detail/CVE-2023-43641
CVE-2023-43899hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx.https://nvd.nist.gov/vuln/detail/CVE-2023-43899
CVE-2023-5462A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5462
CVE-2023-5463A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5463
CVE-2023-44846An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_notify.php component.https://nvd.nist.gov/vuln/detail/CVE-2023-44846
CVE-2023-44847An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_Weixin.php component.https://nvd.nist.gov/vuln/detail/CVE-2023-44847
CVE-2023-44848An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.https://nvd.nist.gov/vuln/detail/CVE-2023-44848
CVE-2023-5471A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608.https://nvd.nist.gov/vuln/detail/CVE-2023-5471
CVE-2023-40310SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client. https://nvd.nist.gov/vuln/detail/CVE-2023-40310
CVE-2023-41365SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability. https://nvd.nist.gov/vuln/detail/CVE-2023-41365
CVE-2023-42473S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. https://nvd.nist.gov/vuln/detail/CVE-2023-42473
CVE-2023-42474SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. https://nvd.nist.gov/vuln/detail/CVE-2023-42474
CVE-2023-42475The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality. https://nvd.nist.gov/vuln/detail/CVE-2023-42475
CVE-2023-42477SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. https://nvd.nist.gov/vuln/detail/CVE-2023-42477
CVE-2020-18336Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function.https://nvd.nist.gov/vuln/detail/CVE-2020-18336
CVE-2023-42189Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Philips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function.https://nvd.nist.gov/vuln/detail/CVE-2023-42189
CVE-2023-44826Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script.https://nvd.nist.gov/vuln/detail/CVE-2023-44826
CVE-2023-44827An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function.https://nvd.nist.gov/vuln/detail/CVE-2023-44827
CVE-2023-44959An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page.https://nvd.nist.gov/vuln/detail/CVE-2023-44959
CVE-2023-45208A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service.https://nvd.nist.gov/vuln/detail/CVE-2023-45208
CVE-2023-41684Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41684
CVE-2023-41694Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41694
CVE-2023-41697Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41697
CVE-2023-41730Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41730
CVE-2023-41850Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41850
CVE-2023-41851Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41851
CVE-2023-41852Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41852
CVE-2023-41853Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41853
CVE-2023-41854Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41854
CVE-2023-41858Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41858
CVE-2023-41876Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-41876
CVE-2023-44257Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44257
CVE-2023-44259Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44259
CVE-2023-44261Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44261
CVE-2023-5498Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47.https://nvd.nist.gov/vuln/detail/CVE-2023-5498
CVE-2023-44763Concrete CMS v9.2.1 is affected by an Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS).https://nvd.nist.gov/vuln/detail/CVE-2023-44763
CVE-2023-43785A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-43785
CVE-2023-43786A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition.https://nvd.nist.gov/vuln/detail/CVE-2023-43786
CVE-2023-43787A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges.https://nvd.nist.gov/vuln/detail/CVE-2023-43787
CVE-2023-43788A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system.https://nvd.nist.gov/vuln/detail/CVE-2023-43788
CVE-2023-30801All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023. https://nvd.nist.gov/vuln/detail/CVE-2023-30801
CVE-2023-44241Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44241
CVE-2023-44470Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44470
CVE-2023-44487The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.https://nvd.nist.gov/vuln/detail/CVE-2023-44487
CVE-2023-4966Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. https://nvd.nist.gov/vuln/detail/CVE-2023-4966
CVE-2023-5488A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5488
CVE-2023-5499Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations.https://nvd.nist.gov/vuln/detail/CVE-2023-5499
CVE-2023-30802The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. https://nvd.nist.gov/vuln/detail/CVE-2023-30802
CVE-2023-30803The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header. https://nvd.nist.gov/vuln/detail/CVE-2023-30803
CVE-2023-30804The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. https://nvd.nist.gov/vuln/detail/CVE-2023-30804
CVE-2023-30805The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter. https://nvd.nist.gov/vuln/detail/CVE-2023-30805
CVE-2023-30806The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie. https://nvd.nist.gov/vuln/detail/CVE-2023-30806
CVE-2023-44471Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44471
CVE-2023-44475Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44475
CVE-2023-44476Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44476
CVE-2023-44994Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44994
CVE-2023-5489A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5489
CVE-2023-5490A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5490
CVE-2023-5491A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5491
CVE-2023-43896A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code.https://nvd.nist.gov/vuln/detail/CVE-2023-43896
CVE-2023-44995Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44995
CVE-2023-44996Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions.https://nvd.nist.gov/vuln/detail/CVE-2023-44996
CVE-2023-5492A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5492
CVE-2023-5493A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5493
CVE-2023-5494A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.https://nvd.nist.gov/vuln/detail/CVE-2023-5494
| CVE-2020-27213 | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | https://nvd.nist.gov/vuln/detail/CVE-2020-27213 |
| CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | https://nvd.nist.gov/vuln/detail/CVE-2020-27630 |
| CVE-2020-27631 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | https://nvd.nist.gov/vuln/detail/CVE-2020-27631 |
| CVE-2020-27633 | In FNET 4.6.3, TCP ISNs are improperly random. | https://nvd.nist.gov/vuln/detail/CVE-2020-27633 |
| CVE-2020-27634 | In Contiki 4.5, TCP ISNs are improperly random. | https://nvd.nist.gov/vuln/detail/CVE-2020-27634 |
| CVE-2020-27635 | In PicoTCP 1.7.0, TCP ISNs are improperly random. | https://nvd.nist.gov/vuln/detail/CVE-2020-27635 |
| CVE-2020-27636 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | https://nvd.nist.gov/vuln/detail/CVE-2020-27636 |
| CVE-2022-22298 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | https://nvd.nist.gov/vuln/detail/CVE-2022-22298 |
| CVE-2023-25604 | An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | https://nvd.nist.gov/vuln/detail/CVE-2023-25604 |
| CVE-2023-25607 | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | https://nvd.nist.gov/vuln/detail/CVE-2023-25607 |
| CVE-2023-33301 | An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non-trusted host. | https://nvd.nist.gov/vuln/detail/CVE-2023-33301 |
| CVE-2023-34985 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-34985 |
| CVE-2023-34986 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-34986 |
| CVE-2023-34987 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-34987 |
| CVE-2023-34988 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-34988 |
| CVE-2023-34989 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-34989 |
| CVE-2023-34992 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | https://nvd.nist.gov/vuln/detail/CVE-2023-34992 |
| CVE-2023-34993 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-34993 |
| CVE-2023-36478 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | https://nvd.nist.gov/vuln/detail/CVE-2023-36478 |
| CVE-2023-36547 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-36547 |
| CVE-2023-36548 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-36548 |
| CVE-2023-36549 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-36549 |
| CVE-2023-36550 | An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP GET request parameters. | https://nvd.nist.gov/vuln/detail/CVE-2023-36550 |
| CVE-2023-36555 | An improper neutralization of script-related HTML tags in a web page (basic XSS) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | https://nvd.nist.gov/vuln/detail/CVE-2023-36555 |
| CVE-2023-36556 | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in to other users' accounts from the same web domain via crafted HTTP or HTTPS requests. | https://nvd.nist.gov/vuln/detail/CVE-2023-36556 |
| CVE-2023-36637 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | https://nvd.nist.gov/vuln/detail/CVE-2023-36637 |
| CVE-2023-37935 | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | https://nvd.nist.gov/vuln/detail/CVE-2023-37935 |
| CVE-2023-37939 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | https://nvd.nist.gov/vuln/detail/CVE-2023-37939 |
| CVE-2023-40718 | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. | https://nvd.nist.gov/vuln/detail/CVE-2023-40718 |
| CVE-2023-41675 | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | https://nvd.nist.gov/vuln/detail/CVE-2023-41675 |
| CVE-2023-41679 | An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI scripts on other ADOMs. | https://nvd.nist.gov/vuln/detail/CVE-2023-41679 |
| CVE-2023-41838 | An improper neutralization of special elements used in an OS command ('OS command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow an attacker to execute unauthorized code or commands via the FortiManager CLI. | https://nvd.nist.gov/vuln/detail/CVE-2023-41838 |
| CVE-2023-41841 | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | https://nvd.nist.gov/vuln/detail/CVE-2023-41841 |
| CVE-2023-42782 | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number. | https://nvd.nist.gov/vuln/detail/CVE-2023-42782 |
| CVE-2023-42787 | A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | https://nvd.nist.gov/vuln/detail/CVE-2023-42787 |
| CVE-2023-42788 | An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command. | https://nvd.nist.gov/vuln/detail/CVE-2023-42788 |
| CVE-2023-44249 | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | https://nvd.nist.gov/vuln/detail/CVE-2023-44249 |
| CVE-2023-44399 | ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this setting worked properly during the authentication process, it did not work correctly in the password reset flow. This meant that even if this feature was active, an attacker could use the password reset function to verify whether an account exists within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available. | https://nvd.nist.gov/vuln/detail/CVE-2023-44399 |
| CVE-2023-5495 | A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-5495 |
| CVE-2023-5496 | A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | https://nvd.nist.gov/vuln/detail/CVE-2023-5496 |
| CVE-2023-42794 | Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in-progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk, creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-42794 |
| CVE-2023-42795 | Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process, leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-42795 |
| CVE-2023-45129 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. | https://nvd.nist.gov/vuln/detail/CVE-2023-45129 |
| CVE-2023-4309 | Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12. | https://nvd.nist.gov/vuln/detail/CVE-2023-4309 |
| CVE-2023-5497 | A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability. | https://nvd.nist.gov/vuln/detail/CVE-2023-5497 |
| CVE-2023-31096 | An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | https://nvd.nist.gov/vuln/detail/CVE-2023-31096 |
| CVE-2023-45648 | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests, leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | https://nvd.nist.gov/vuln/detail/CVE-2023-45648 |
| CVE-2023-45312 | In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. | https://nvd.nist.gov/vuln/detail/CVE-2023-45312 |
| CVE-2023-36126 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0. | https://nvd.nist.gov/vuln/detail/CVE-2023-36126 |
| CVE-2023-36127 | User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | https://nvd.nist.gov/vuln/detail/CVE-2023-36127 |
| CVE-2023-26220 | The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1. | https://nvd.nist.gov/vuln/detail/CVE-2023-26220 |