Published on 11 Oct 2023
SingCERT's Security Bulletin summarises the list of vulnerabilities collated from the National Institute of Standards and Technology (NIST)'s National Vulnerability Database (NVD) in the past week.
The vulnerabilities are tabulated by severity, in accordance with their CVSSv3 base scores:
Severity | Definition |
---|---|
Critical | vulnerabilities with a base score of 9.0 to 10.0 |
High | vulnerabilities with a base score of 7.0 to 8.9 |
Medium | vulnerabilities with a base score of 4.0 to 6.9 |
Low | vulnerabilities with a base score of 0.1 to 3.9 |
None | vulnerabilities with a base score of 0.0 |
For those vulnerabilities without assigned CVSS scores, please visit NVD for the updated CVSS vulnerability entries.
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2023-2564 | OS Command Injection in GitHub repository sbs20/scanservjs prior to v2.27.0. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2023-2564 |
CVE-2022-36648 | The hardware emulation in the of_dpa_cmd_add_l2_flood of rocker device model in QEMU, as used in 7.0.0 and earlier, allows remote attackers to crash the host qemu and potentially execute code on the host by executing a malformed program in the guest OS. | 10 | https://nvd.nist.gov/vuln/detail/CVE-2022-36648 |
CVE-2023-41373 | A directory traversal vulnerability exists in the BIG-IP Configuration Utility that may allow an authenticated attacker to execute commands on the BIG-IP system. For BIG-IP system running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 9.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-41373 |
CVE-2016-6354 | Heap-based buffer overflow in the yy_get_next_buffer function in Flex before 2.6.1 might allow context-dependent attackers to cause a denial of service or possibly execute arbitrary code via vectors involving num_to_read. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2016-6354 |
CVE-2021-1300 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1300 |
CVE-2021-1301 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1301 |
CVE-2020-36062 | Dairy Farm Shop Management System v1.0 was discovered to contain hardcoded credentials in the source code which allows attackers access to the control panel if compromised. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-36062 |
CVE-2022-29528 | An issue was discovered in MISP before 2.4.158. PHAR deserialization can occur. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29528 |
CVE-2022-29006 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Directory Management System v1.0 allow attackers to bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29006 |
CVE-2022-29007 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29007 |
CVE-2022-29009 | Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Cyber Cafe Management System Project v1.0 allow attackers to bypass authentication. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29009 |
CVE-2022-31382 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter in search-dirctory.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31382 |
CVE-2022-31383 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter in view-directory.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31383 |
CVE-2022-31384 | Directory Management System v1.0 was discovered to contain a SQL injection vulnerability via the fullname parameter in add-directory.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-31384 |
CVE-2022-41352 | An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole (extraction to /opt/zimbra/jetty/webapps/zimbra/public) that can lead to incorrect access to any other user accounts. Zimbra recommends pax over cpio. Also, pax is in the prerequisites of Zimbra on Ubuntu; however, pax is no longer part of a default Red Hat installation after RHEL 6 (or CentOS 6). Once pax is installed, amavis automatically prefers it over cpio. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-41352 |
CVE-2022-40944 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40944 |
CVE-2022-40943 | Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-40943 |
CVE-2022-3671 | A vulnerability classified as critical was found in SourceCodester eLearning System 1.0. This vulnerability affects unknown code of the file /admin/students/manage.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-212014 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-3671 |
CVE-2022-44640 | Heimdal before 7.7.1 allows remote attackers to execute arbitrary code because of an invalid free in the ASN.1 codec used by the Key Distribution Center (KDC). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-44640 |
CVE-2022-48328 | app/Controller/Component/IndexFilterComponent.php in MISP before 2.4.167 mishandles ordered_url_params and additional_delimiters. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48328 |
CVE-2023-1283 | Code Injection in GitHub repository builderio/qwik prior to 0.21.0. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1283 |
CVE-2023-1177 | Path Traversal: '\\..\\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1177 |
CVE-2022-46387 | ConEmu through 220807 and Cmder before 1.3.21 report the title of the terminal, including control characters, which allows an attacker to change the title and then execute it as commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46387 |
CVE-2023-1826 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file php-ocls\\admin\\system_info\\index.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The identifier VDB-224841 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1826 |
CVE-2023-1942 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/?page=user of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225319. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1942 |
CVE-2023-1951 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this issue is the function delete_brand of the file /admin/maintenance/brand.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-225338 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1951 |
CVE-2023-1952 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as critical. This affects an unknown part of the file /?p=products of the component Product Search. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225339. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1952 |
CVE-2023-1955 | A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is an unknown function of the file login.php of the component User Registration. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225342 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1955 |
CVE-2023-1958 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file /classes/Master.php?f=delete_sub_category. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225345 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1958 |
CVE-2023-2658 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-228800. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2658 |
CVE-2023-2659 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. This affects an unknown part of the file view_product.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228801 was assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2659 |
CVE-2023-2660 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_categories.php. The manipulation of the argument c leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228802 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2660 |
CVE-2023-2661 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2661 |
CVE-2023-31857 | Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31857 |
CVE-2023-31704 | Sourcecodester Online Computer and Laptop Store 1.0 is vulnerable to Incorrect Access Control, which allows remote attackers to elevate privileges to the administrator's role. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-31704 |
CVE-2023-38997 | A directory traversal vulnerability in the Captive Portal templates of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands as root via a crafted ZIP archive. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38997 |
CVE-2023-39001 | A command injection vulnerability in the component diag_backup.php of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary commands via a crafted backup configuration file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39001 |
CVE-2023-39004 | Insecure permissions in the configuration directory (/conf/) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalation. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39004 |
CVE-2023-39008 | A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary system commands. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39008 |
CVE-2022-48565 | An XML External Entity (XXE) issue was discovered in Python through 3.9.1. The plistlib module no longer accepts entity declarations in XML plist files to avoid XML vulnerabilities. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-48565 |
CVE-2023-39355 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Versions of FreeRDP on the 3.x release branch before beta3 are subject to a Use-After-Free in processing `RDPGFX_CMDID_RESETGRAPHICS` packets. If `context->maxPlaneSize` is 0, `context->planesBuffer` will be freed. However, without updating `context->planesBuffer`, this leads to a Use-After-Free exploit vector. In most environments this should only result in a crash. This issue has been addressed in version 3.0.0-beta3 and users of the beta 3.x releases are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39355 |
CVE-2023-39352 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an invalid offset validation leading to Out Of Bound Write. This can be triggered when the values `rect->left` and `rect->top` are exactly equal to `surface->width` and `surface->height`. eg. `rect->left` == `surface->width` && `rect->top` == `surface->height`. In practice this should cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39352 |
CVE-2023-40186 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an IntegerOverflow leading to Out-Of-Bound Write Vulnerability in the `gdi_CreateSurface` function. This issue affects FreeRDP based clients only. FreeRDP proxies are not affected as image decoding is not done by a proxy. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40186 |
CVE-2023-40567 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `clear_decompress_bands_data` function in which there is no offset validation. Abuse of this vulnerability may lead to an out of bounds write. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40567 |
CVE-2023-40569 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Write in the `progressive_decompress` function. This issue is likely down to incorrect calculations of the `nXSrc` and `nYSrc` variables. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40569 |
CVE-2023-39150 | ConEmu before commit 230724 does not sanitize title responses correctly for control characters, potentially leading to arbitrary code execution. This is related to an incomplete fix for CVE-2022-46387. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39150 |
CVE-2023-42464 | A Type Confusion vulnerability was found in the Spotlight RPC functions in afpd in Netatalk 3.1.x before 3.1.17. When parsing Spotlight RPC packets, one encoded data structure is a key-value style dictionary where the keys are character strings, and the values can be any of the supported types in the underlying protocol. Due to a lack of type checking in callers of the dalloc_value_for_key() function, which returns the object associated with a key, a malicious actor may be able to fully control the value of the pointer and theoretically achieve Remote Code Execution on the host. This issue is similar to CVE-2023-34967. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42464 |
CVE-2023-39453 | A use-after-free vulnerability exists in the tif_parse_sub_IFD functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can deliver this file to trigger this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39453 |
CVE-2023-5168 | A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5168 |
CVE-2023-5176 | Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5176 |
CVE-2023-5221 | A vulnerability classified as critical has been found in ForU CMS. This affects an unknown part of the file /install/index.php. The manipulation of the argument db_name leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-240363. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5221 |
CVE-2023-5222 | A vulnerability classified as critical was found in Viessmann Vitogate 300 up to 2.1.3.0. This vulnerability affects the function isValidUser of the file /cgi-bin/vitogate.cgi of the component Web Management Interface. The manipulation leads to use of hard-coded password. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240364. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5222 |
CVE-2023-20252 | A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN Manager Software could allow an unauthenticated, remote attacker to gain unauthorized access to the application as an arbitrary user. This vulnerability is due to improper authentication checks for SAML APIs. An attacker could exploit this vulnerability by sending requests directly to the SAML API. A successful exploit could allow the attacker to generate an authorization token sufficient to gain access to the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20252 |
CVE-2023-5215 | A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the return value of the nbd_get_size() function correctly. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5215 |
CVE-2023-5053 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5053 |
CVE-2015-10124 | A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to launch the attack remotely. Upgrading to version 0.9 is able to address this issue. The patch is identified as a99667d11ac8d320006909387b100e9a8b5c12e1. It is recommended to upgrade the affected component. VDB-241026 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2015-10124 |
CVE-2023-4659 | Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an unprivileged remote user is able to create, delete and modify users within the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4659 |
CVE-2023-44008 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44008 |
CVE-2023-44009 | File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44009 |
CVE-2023-43891 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43891 |
CVE-2023-43892 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43892 |
CVE-2023-43893 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43893 |
CVE-2023-44011 | An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44011 |
CVE-2023-43980 | Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43980 |
CVE-2023-22385 | Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22385 |
CVE-2023-24855 | Memory corruption in Modem while processing security related configuration before AS Security Exchange. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24855 |
CVE-2023-33028 | Memory corruption in WLAN Firmware while doing a memory copy of pmk cache. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33028 |
CVE-2023-3656 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3656 |
CVE-2023-3654 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3654 |
CVE-2022-47893 | There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47893 |
CVE-2023-40830 | Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40830 |
CVE-2023-33268 | An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33268 |
CVE-2023-33269 | An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33269 |
CVE-2023-33270 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33270 |
CVE-2023-33271 | An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33271 |
CVE-2023-33272 | An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33272 |
CVE-2023-33273 | An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind). | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33273 |
CVE-2023-39645 | Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39645 |
CVE-2023-44973 | An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44973 |
CVE-2023-44974 | An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44974 |
CVE-2023-39646 | Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39646 |
CVE-2023-39648 | Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39648 |
CVE-2023-39649 | Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39649 |
CVE-2023-39651 | Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39651 |
CVE-2023-39647 | Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versions. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39647 |
CVE-2023-37404 | IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37404 |
CVE-2023-30733 | Stack-based Buffer Overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30733 |
CVE-2023-2809 | Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote attacker to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote execution of MS SQL commands and escalate privileges on Windows systems because the credentials are stored in plaintext. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2809 |
CVE-2023-4491 | Buffer overflow vulnerability in Easy Address Book Web Server 1.6 version. The exploitation of this vulnerability could allow an attacker to send a very long username string to /searchbook.ghp, asking for the name via a POST request, resulting in arbitrary code execution on the remote machine. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4491 |
CVE-2023-4494 | Stack-based buffer overflow vulnerability in Easy Chat Server 3.1 version. An attacker could send an excessively long username string to the register.ghp file asking for the name via a GET request resulting in arbitrary code execution on the remote machine. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4494 |
CVE-2023-5373 | A vulnerability classified as critical has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function register of the file Master.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241254 is the identifier assigned to this vulnerability. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5373 |
CVE-2023-22515 | Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue. For more details, please review the linked advisory on this CVE. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22515 |
CVE-2023-5374 | A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument c leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241255. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5374 |
CVE-2022-36276 | TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-36276 |
CVE-2023-20101 | A vulnerability in Cisco Emergency Responder could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. This vulnerability is due to the presence of static user credentials for the root account that are typically reserved for use during development. An attacker could exploit this vulnerability by using the account to log in to an affected system. A successful exploit could allow the attacker to log in to the affected system and execute arbitrary commands as the root user. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20101 |
CVE-2023-5391 | A CWE-502: Deserialization of untrusted data vulnerability exists that could allow an attacker to execute arbitrary code on the targeted system by sending a specifically crafted packet to the application. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5391 |
CVE-2023-5399 | A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause a path traversal issue when using the File Command. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5399 |
CVE-2023-36619 | Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of administrative scripts by unauthenticated users. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36619 |
CVE-2023-41094 | TouchLink packets processed after timeout or out of range due to Operation on a Resource after Expiration and Missing Release of Resource after Effective Lifetime may allow a device to be added outside of valid TouchLink range or pairing duration. This issue affects Ember ZNet 7.1.x from 7.1.3 through 7.1.5; 7.2.x from 7.2.0 through 7.2.3; Version 7.3 and later are unaffected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41094 |
CVE-2023-35803 | IQ Engine before 10.6r2 on Extreme Network AP devices has a Buffer Overflow. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35803 |
CVE-2023-32485 | Dell SmartFabric Storage Software version 1.3 and lower contain an improper input validation vulnerability. A remote unauthenticated attacker may exploit this vulnerability and escalate privileges up to the highest administration level. This is a critical severity vulnerability affecting user authentication. Dell recommends customers to upgrade at the earliest opportunity. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32485 |
CVE-2023-43981 | Presto Changeo testsitecreator up to 1.1.1 was discovered to contain a deserialization vulnerability via the component delete_excluded_folder.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43981 |
CVE-2023-43983 | Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43983 |
CVE-2023-44024 | SQL injection vulnerability in KnowBand Module One Page Checkout, Social Login & Mailchimp (supercheckout) v.8.0.3 and before allows a remote attacker to execute arbitrary code via a crafted request to the updateCheckoutBehaviour function in the supercheckout.php component. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44024 |
CVE-2023-4530 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Turna Advertising Administration Panel allows SQL Injection. This issue affects Advertising Administration Panel: before 1.1. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4530 |
CVE-2023-38703 | PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38703 |
CVE-2023-43058 | IBM Robotic Process Automation 23.0.9 is vulnerable to privilege escalation that affects ownership of projects. IBM X-Force ID: 247527. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43058 |
CVE-2023-44807 | D-Link DIR-820L 1.05B03 has a stack overflow vulnerability in the cancelPing function. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44807 |
CVE-2023-5214 | In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5214 |
CVE-2023-3725 | Potential buffer overflow vulnerability in the Zephyr CAN bus subsystem | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3725 |
CVE-2023-36380 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11 (only with activated debug support)). The affected devices contain a hard-coded ID in the SSH `authorized_keys` configuration file. An attacker with knowledge of the corresponding private key could login to the device via SSH. Only devices with activated debug support are affected. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36380 |
CVE-2023-43625 | A vulnerability has been identified in Simcenter Amesim (All versions < V2021.1). The affected application contains a SOAP endpoint that could allow an unauthenticated remote attacker to perform DLL injection and execute arbitrary code in the context of the affected application process. | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43625 |
CVE-2023-35349 | Microsoft Message Queuing Remote Code Execution Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35349 |
CVE-2023-36434 | Windows IIS Server Elevation of Privilege Vulnerability | 9.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36434 |
CVE-2023-39007 | /ui/cron/item/open in the Cron component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows XSS via openAction in app/controllers/OPNsense/Cron/ItemController.php. | 9.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-39007 |
CVE-2023-39353 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to a missing offset validation leading to Out Of Bound Read. In the `libfreerdp/codec/rfx.c` file there is no offset validation in `tile->quantIdxY`, `tile->quantIdxCb`, and `tile->quantIdxCr`. As a result crafted input can lead to an out of bounds read access which in turn will cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39353 |
CVE-2023-39356 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions a missing offset validation may lead to an Out Of Bound Read in the function `gdi_multi_opaque_rect`. In particular there is no code to validate if the value `multi_opaque_rect->numRectangles` is less than 45. Looping through `multi_opaque_rect->numRectangles` without proper boundary checks can lead to Out-of-Bounds Read errors which will likely lead to a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39356 |
CVE-2023-40181 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Integer-Underflow leading to Out-Of-Bound Read in the `zgfx_decompress_segment` function. In the context of `CopyMemory`, it's possible to read data beyond the transmitted packet range and likely cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40181 |
CVE-2023-40188 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `general_LumaToYUV444` function. This Out-Of-Bounds Read occurs because processing is done on the `in` variable without checking if it contains data of sufficient length. Insufficient data for the `in` variable may cause errors or crashes. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40188 |
CVE-2023-20186 | A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to bypass command authorization and copy files to or from the file system of an affected device using the Secure Copy Protocol (SCP). This vulnerability is due to incorrect processing of SCP commands in AAA command authorization checks. An attacker with valid credentials and level 15 privileges could exploit this vulnerability by using SCP to connect to an affected device from an external machine. A successful exploit could allow the attacker to obtain or change the configuration of the affected device and put files on or retrieve files from the affected device. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-20186 |
CVE-2023-5350 | SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5350 |
CVE-2023-44208 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40713. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44208 |
CVE-2023-2306 | Qognify NiceVision versions 3.1 and prior are vulnerable to exposing sensitive information using hard-coded credentials. With these credentials an attacker can retrieve information about the cameras, user information, and modify database records. | 9.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2306 |
CVE-2023-43656 | matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions (those that have `generic.allowJsTransformationFunctions` in their config), may be vulnerable to an attack where it is possible to break out of the `vm2` sandbox and as a result Hookshot will be vulnerable to this. This problem is only likely to affect users who have allowed untrusted users to apply their own transformation functions. If you have only enabled a limited set of trusted users, this threat is reduced (though not eliminated). Version 4.5.0 and above of hookshot include a new sandbox library which should better protect users. Users are advised to upgrade. Users unable to upgrade should disable `generic.allowJsTransformationFunctions` in the config. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-43656 |
CVE-2023-26218 | The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.6.0 and below. | 9 | https://nvd.nist.gov/vuln/detail/CVE-2023-26218 |
CVE Number | Description | Base Score | Reference |
---|---|---|---|
CVE-2019-5638 | Rapid7 Nexpose versions 6.5.50 and prior suffer from insufficient session expiration when an administrator performs a security relevant edit on an existing, logged on user. For example, if a user's password is changed by an administrator due to an otherwise unrelated credential leak, that user account's current session is still valid after the password change, potentially allowing the attacker who originally compromised the credential to remain logged in and able to cause further damage. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-5638 |
CVE-2021-1298 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1298 |
CVE-2021-1299 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1299 |
CVE-2021-1302 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1302 |
CVE-2022-28992 | A Cross-Site Request Forgery (CSRF) in Online Banquet Booking System v1.0 allows attackers to change admin credentials via a crafted POST request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-28992 |
CVE-2022-42898 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow), and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-42898 |
CVE-2023-23492 | The Login with Phone Number WordPress Plugin, version < 1.4.2, is affected by an authenticated SQL injection vulnerability in the 'ID' parameter of its 'lwp_forgot_password' action. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-23492 |
CVE-2023-0493 | Improper Neutralization of Equivalent Special Elements in GitHub repository btcpayserver/btcpayserver prior to 1.7.5. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0493 |
CVE-2023-1647 | Improper Access Control in GitHub repository calcom/cal.com prior to 2.7. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1647 |
CVE-2023-1953 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/sales/index.php. The manipulation of the argument date_start/date_end leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225340. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1953 |
CVE-2023-1954 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been rated as critical. This issue affects the function save_inventory of the file /admin/product/manage.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225341 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1954 |
CVE-2023-1956 | A vulnerability classified as critical was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file /classes/Master.php?f=delete_img of the component Image Handler. The manipulation of the argument path leads to path traversal. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225343. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1956 |
CVE-2023-1957 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /classes/Master.php?f=save_sub_category of the component Subcategory Handler. The manipulation of the argument sub_category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225344. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1957 |
CVE-2023-1959 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Master.php?f=save_category. The manipulation of the argument category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-225346 is the identifier assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1959 |
CVE-2023-1960 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php?f=delete_category. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225347. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1960 |
CVE-2023-2242 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component GET Parameter Handler. The manipulation of the argument c/s leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-227227. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2242 |
CVE-2023-22648 | An Improper Privilege Management vulnerability in SUSE Rancher causes permission changes in Azure AD not to be reflected to users while they are logged in the Rancher UI. This would cause the users to retain their previous permissions in Rancher, even if they change groups on Azure AD, for example, to a lower privileged group, or are removed from a group, thus retaining their access to Rancher instead of losing it. This issue affects Rancher: from >= 2.6.7 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22648 |
CVE-2023-32707 | In versions of Splunk Enterprise below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform below version 9.0.2303.100, a low-privileged user who holds a role that has the ‘edit_user’ capability assigned to it can escalate their privileges to that of the admin user by providing specially crafted web requests. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32707 |
CVE-2023-39417 | In the extension script, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39417 |
CVE-2023-4354 | Heap buffer overflow in Skia in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4354 |
CVE-2023-4355 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.96 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4355 |
CVE-2023-38836 | File Upload vulnerability in BoidCMS v.2.0.0 allows a remote attacker to execute arbitrary code by adding a GIF header to bypass MIME type checks. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38836 |
CVE-2020-24292 | Buffer Overflow vulnerability in load function in PluginICO.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted ico file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24292 |
CVE-2020-24293 | Buffer Overflow vulnerability in psdThumbnail::Read in PSDParser.cpp in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via opening of crafted psd file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24293 |
CVE-2020-24295 | Buffer Overflow vulnerability in PSDParser.cpp::ReadImageLine() in FreeImage 3.19.0 [r1859] allows remote attackers to run arbitrary code via use of crafted psd file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24295 |
CVE-2021-40263 | A heap overflow vulnerability in FreeImage 1.18.0 via the ofLoad function in PluginTIFF.cpp. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-40263 |
CVE-2020-24165 | An issue was discovered in TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-24165 |
CVE-2023-42331 | A file upload vulnerability in EliteCMS v1.01 allows a remote attacker to execute arbitrary code via the manage_uploads.php component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42331 |
CVE-2023-5002 | A flaw was found in pgAdmin. This issue occurs when the pgAdmin server HTTP API validates the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. Versions of pgAdmin prior to 7.6 failed to properly control the server code executed on this API, allowing an authenticated user to run arbitrary commands on the server. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5002 |
CVE-2023-35074 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, Safari 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-35074 |
CVE-2023-40044 | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40044 |
CVE-2023-40451 | This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in Safari 17. An attacker with JavaScript execution may be able to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40451 |
CVE-2023-20231 | A vulnerability in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker to perform an injection attack against an affected device. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to execute arbitrary Cisco IOS XE Software CLI commands with level 15 privileges. Note: This vulnerability is exploitable only if the attacker obtains the credentials for a Lobby Ambassador account. This account is not configured by default. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-20231 |
CVE-2023-43320 | An issue in Proxmox Server Solutions GmbH Proxmox VE v.5.4 thru v.8.0, Proxmox Backup Server v.1.1 thru v.3.0, and Proxmox Mail Gateway v.7.1 thru v.8.0 allows a remote authenticated attacker to escalate privileges via bypassing the two-factor authentication component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43320 |
CVE-2023-5217 | Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5217 |
CVE-2023-43740 | Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43740 |
CVE-2023-5263 | A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240872. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5263 |
CVE-2023-43655 | Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv` enabled in php.ini. Versions 2.6.4, 2.2.22 and 1.10.27 patch this vulnerability. Users are advised to upgrade. Users unable to upgrade should make sure `register_argc_argv` is disabled in php.ini, and avoid publishing composer.phar to the web as this is not best practice. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43655 |
CVE-2022-35908 | Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-35908 |
CVE-2023-5207 | A vulnerability was discovered in GitLab CE and EE affecting all versions starting 16.0 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. An authenticated attacker could perform arbitrary pipeline execution under the context of another user. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5207 |
CVE-2023-5326 | A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component WebConfig. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241027. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5326 |
CVE-2023-5328 | A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication. Access to the local network is required for this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-241029 was assigned to this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5328 |
CVE-2023-3744 | Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL parameter. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3744 |
CVE-2023-43835 | Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43835 |
CVE-2023-43890 | Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43890 |
CVE-2023-43268 | Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43268 |
CVE-2023-36628 | A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36628 |
CVE-2023-39222 | OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affected products and versions are as follows: ACERA 1320 firmware ver.01.26 and earlier, ACERA 1310 firmware ver.01.26 and earlier, ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39222 |
CVE-2023-41086 | Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41086 |
CVE-2023-42771 | Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or log files, and upload configuration files and/or firmware. They are affected when running in ST(Standalone) mode. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42771 |
CVE-2023-37891 | Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37891 |
CVE-2023-37991 | Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37991 |
CVE-2023-37992 | Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37992 |
CVE-2023-37996 | Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37996 |
CVE-2023-37998 | Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <= 3.0.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37998 |
CVE-2023-38381 | Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38381 |
CVE-2022-46841 | Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-46841 |
CVE-2023-25463 | Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25463 |
CVE-2023-37990 | Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37990 |
CVE-2023-38390 | Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38390 |
CVE-2023-38396 | Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38396 |
CVE-2023-38398 | Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-38398 |
CVE-2023-4097 | The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4097 |
CVE-2022-47891 | All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47891 |
CVE-2023-2830 | Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2830 |
CVE-2023-39165 | Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39165 |
CVE-2023-39917 | Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39917 |
CVE-2023-39923 | Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39923 |
CVE-2023-39989 | Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39989 |
CVE-2023-40210 | Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40210 |
CVE-2023-4098 | It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4098 |
CVE-2023-4102 | QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4102 |
CVE-2023-4103 | QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4103 |
CVE-2023-2681 | An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the "id" parameter, managing to extract arbitrary information from the database. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-2681 |
CVE-2023-40199 | Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40199 |
CVE-2023-40201 | Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40201 |
CVE-2023-40202 | Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40202 |
CVE-2023-0506 | The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-0506 |
CVE-2023-27435 | Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27435 |
CVE-2023-32091 | Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32091 |
CVE-2023-40558 | Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40558 |
CVE-2023-41244 | Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41244 |
CVE-2023-41693 | Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41693 |
CVE-2023-4929 | All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate the firmware and gain control of devices. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4929 |
CVE-2023-4817 | This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4817 |
CVE-2023-43176 | A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43176 |
CVE-2023-25489 | Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Update Theme and Plugins from Zip File plugin <= 2.0.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25489 |
CVE-2023-25788 | Cross-Site Request Forgery (CSRF) vulnerability in Saphali Saphali Woocommerce Lite plugin <= 1.8.13 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25788 |
CVE-2023-25980 | Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design \| Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25980 |
CVE-2023-37995 | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37995 |
CVE-2023-3701 | Aqua Drive, in its 2.4 version, is vulnerable to a relative path traversal vulnerability. By exploiting this vulnerability, an authenticated non-privileged user could access/modify stored resources of other users. It could also be possible to access and modify the source and configuration files of the cloud disk platform, affecting the integrity and availability of the entire platform. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3701 |
CVE-2023-4997 | Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4997 |
CVE-2023-25025 | Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25025 |
CVE-2023-27433 | Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative plugin <= 1.3.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27433 |
CVE-2023-40561 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40561 |
CVE-2023-40559 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40559 |
CVE-2023-42809 | Redisson is a Java Redis client that uses the Netty framework. Prior to version 3.22.0, some of the messages received from the Redis server contain Java objects that the client deserializes without further validation. Attackers that manage to trick clients into communicating with a malicious server can include especially crafted objects in its responses that, once deserialized by the client, force it to execute arbitrary code. This can be abused to take control of the machine the client is running in. Version 3.22.0 contains a patch for this issue. Some post-fix advice is available. Do NOT use `Kryo5Codec` as deserialization codec, as it is still vulnerable to arbitrary object deserialization due to the `setRegistrationRequired(false)` call. On the contrary, `KryoCodec` is safe to use. The fix applied to `SerializationCodec` only consists of adding an optional allowlist of class names, even though making this behavior the default is recommended. When instantiating `SerializationCodec` please use the `SerializationCodec(ClassLoader classLoader, Set<String> allowedClasses)` constructor to restrict the allowed classes for deserialization. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42809 |
CVE-2023-36618 | Atos Unify OpenScape Session Border Controller through V10 R3.01.03 allows execution of OS commands as root user by low-privileged authenticated users. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36618 |
CVE-2023-43321 | File Upload vulnerability in Digital China Networks DCFW-1800-SDC v.3.0 allows an authenticated attacker to execute arbitrary code via the wget function in the /sbin/cloudadmin.sh component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43321 |
CVE-2023-43068 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the restricted shell in SSH. An authenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43068 |
CVE-2023-4401 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an OS Command Injection Vulnerability in the CLI use of the ‘more’ command. A local or remote authenticated attacker could potentially exploit this vulnerability, leading to the ability to gain root-level access. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4401 |
CVE-2023-5346 | Type confusion in V8 in Google Chrome prior to 117.0.5938.149 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5346 |
CVE-2023-43284 | An issue in D-Link Wireless MU-MIMO Gigabit AC1200 Router DIR-846 firmware version 100A53DBR-Retail allows a remote attacker to execute arbitrary code. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43284 |
CVE-2022-47175 | Cross-Site Request Forgery (CSRF) vulnerability in P Royal Royal Elementor Addons and Templates plugin <= 1.3.75 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-47175 |
CVE-2023-25033 | Cross-Site Request Forgery (CSRF) vulnerability in Sumo Social Share Boost plugin <= 4.5 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25033 |
CVE-2023-25480 | Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin <= 1.24.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-25480 |
CVE-2023-27448 | Cross-Site Request Forgery (CSRF) vulnerability in MakeStories Team MakeStories (for Google Web Stories) plugin <= 2.8.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27448 |
CVE-2023-27615 | Cross-Site Request Forgery (CSRF) vulnerability in Dipak C. Gajjar WP Super Minify plugin <= 1.5.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-27615 |
CVE-2023-40008 | Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40008 |
CVE-2023-40671 | Cross-Site Request Forgery (CSRF) vulnerability in ??wp DX-auto-save-images plugin <= 1.4.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40671 |
CVE-2023-28791 | Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28791 |
CVE-2023-29235 | Cross-Site Request Forgery (CSRF) vulnerability in Fugu Maintenance Switch plugin <= 1.5.2 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-29235 |
CVE-2023-40607 | Cross-Site Request Forgery (CSRF) vulnerability in CLUEVO CLUEVO LMS, E-Learning Platform plugin <= 1.10.0 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40607 |
CVE-2023-41650 | Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Remove/hide Author, Date, Category Like Entry-Meta plugin <= 2.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41650 |
CVE-2023-41654 | Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41654 |
CVE-2023-41732 | Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41732 |
CVE-2023-41801 | Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41801 |
CVE-2023-41950 | Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41950 |
CVE-2023-44146 | Cross-Site Request Forgery (CSRF) vulnerability in Checkfront Inc. Checkfront Online Booking System plugin <= 3.6 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44146 |
CVE-2023-39928 | A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to visit a malicious webpage to trigger this vulnerability. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-39928 |
CVE-2023-44233 | Cross-Site Request Forgery (CSRF) vulnerability in FooPlugins Best WordPress Gallery Plugin – FooGallery plugin <= 2.2.44 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44233 |
CVE-2023-44243 | Cross-Site Request Forgery (CSRF) vulnerability in Dylan Blokhuis Instant CSS plugin <= 1.2.1 versions. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44243 |
CVE-2023-44061 | File Upload vulnerability in Simple and Nice Shopping Cart Script v.1.0 allows a remote attacker to execute arbitrary code via the upload function in the edit profile component. | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44061 |
CVE-2023-36414 | Azure Identity SDK Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36414 |
CVE-2023-36415 | Azure Identity SDK Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36415 |
CVE-2023-36419 | Azure HDInsight Apache Oozie Workflow Scheduler Elevation of Privilege Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36419 |
CVE-2023-36577 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability | 8.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36577 |
CVE-2023-43746 | When running in Appliance mode, an authenticated user assigned the Administrator role may be able to bypass Appliance mode restrictions, utilizing BIG-IP external monitor on a BIG-IP system. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-43746 |
CVE-2021-1273 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1273 |
CVE-2021-1274 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1274 |
CVE-2021-1279 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2021-1279 |
CVE-2023-4571 | In Splunk IT Service Intelligence (ITSI) versions below 4.13.3, 4.15.3, or 4.17.1, a malicious actor can inject American National Standards Institute (ANSI) escape codes into Splunk ITSI log files that, when a vulnerable terminal application reads them, can run malicious code in the vulnerable application. This attack requires a user to use a terminal application that translates ANSI escape codes to read the malicious log file locally in the vulnerable terminal. The vulnerability also requires additional user interaction to succeed. The vulnerability does not directly affect Splunk ITSI. The indirect impact on Splunk ITSI can vary significantly depending on the permissions in the vulnerable terminal application, as well as where and how the user reads the malicious log file. For example, users can copy the malicious file from Splunk ITSI and read it on their local machine. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-4571 |
CVE-2023-43662 | ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverImagePath`, which is not sanitized in any way before being passed to `System.IO.File.OpenRead`, which results in an arbitrary file read. This issue may lead to an arbitrary file read which is exacerbated in the windows installer which installs the ShokoServer as administrator. Any unauthenticated attacker may be able to access sensitive information and read files stored on the server. The `/api/Image/WithPath` endpoint has been removed in commit `6c57ba0f0` which will be included in subsequent releases. Users should limit access to the `/api/Image/WithPath` endpoint or manually patch their installations until a patched release is made. This issue was discovered by the GitHub Security lab and is also indexed as GHSL-2023-191. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-43662 |
CVE-2023-3037 | Improper authorization vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to access the platform without authentication and retrieve personal data via the jsonGrid parameter. | 8.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-3037 |
CVE-2023-22374 | A format string vulnerability exists in iControl SOAP that allows an authenticated attacker to crash the iControl SOAP CGI process or, potentially, execute arbitrary code. In appliance mode BIG-IP, a successful exploit of this vulnerability can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22374 |
CVE-2023-36569 | Microsoft Office Elevation of Privilege Vulnerability | 8.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36569 |
CVE-2020-13398 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) write vulnerability has been detected in crypto_rsa_common in libfreerdp/crypto/crypto.c. | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-13398 |
CVE-2023-35796 | A vulnerability has been identified in SINEMA Server V14 (All versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead to arbitrary code execution with `SYSTEM` privileges on the application server. (ZDI-CAN-19823) | 8.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35796 |
CVE-2023-22382 | Weak configuration in Automotive while VM is processing a listener request from TEE. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-22382 |
CVE-2023-4100 | Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-4100 |
CVE-2023-39191 | An improper input validation flaw was found in the eBPF subsystem in the Linux kernel. The issue occurs due to a lack of proper validation of dynamic pointers within user-supplied eBPF programs prior to executing them. This may allow an attacker with CAP_BPF privileges to escalate privileges and execute arbitrary code in the context of the kernel. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39191 |
CVE-2023-5441 | NULL Pointer Dereference in GitHub repository vim/vim prior to 20d161ace307e28690229b68584f2d84556f8960. | 8.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-5441 |
CVE-2023-21886 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are prior to 6.1.42 and prior to 7.0.6. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H). | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-21886 |
CVE-2022-48566 | An issue was discovered in compare_digest in Lib/hmac.py in Python through 3.9.1. Constant-time-defeating optimisations were possible in the accumulator variable in hmac.compare_digest. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-48566 |
CVE-2023-4427 | Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4427 |
CVE-2023-41915 | OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41915 |
CVE-2023-4853 | A flaw was found in Quarkus where HTTP security policies are not sanitizing certain character permutations correctly when accepting requests, resulting in incorrect evaluation of permissions. This issue could allow an attacker to bypass the security policy altogether, resulting in unauthorized endpoint access and possibly a denial of service. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4853 |
CVE-2023-43976 | An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and win the race condition (TOCTOU) via the PrivilegedHelperTool component. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43976 |
CVE-2023-1832 | An improper access control flaw was found in Candlepin. An attacker can create data scoped under another customer/tenant, which can result in loss of confidentiality and availability for the affected customer/tenant. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1832 |
CVE-2023-43804 | urllib3 is a user-friendly HTTP client library for Python. urllib3 doesn't treat the `Cookie` HTTP header specially or provide any helpers for managing cookies over HTTP; that is the responsibility of the user. However, it is possible for a user to specify a `Cookie` header and unknowingly leak information via HTTP redirects to a different origin if that user doesn't disable redirects explicitly. This issue has been patched in urllib3 version 1.26.17 or 2.0.5. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-43804 |
CVE-2023-42448 | Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, the specification states that the contestation period in the datum of the UTxO at the head validator must stay unchanged as the state progresses from Open to Closed (Close transaction), but no such check appears to be performed in the `checkClose` function of the head validator. This would allow a malicious participant to modify the contestation deadline of the head to either allow them to fanout the head without giving another participant the chance to contest, or prevent any participant from ever redistributing the funds locked in the head via a fan-out. Version 0.13.0 contains a patch for this issue. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42448 |
CVE-2023-42449 | Hydra is the layer-two scalability solution for Cardano. Prior to version 0.13.0, it is possible for a malicious head initializer to extract one or more PTs for the head they are initializing due to incorrect data validation logic in the head token minting policy which then results in a flawed check for burning the head ST in the `initial` validator. This is possible because it is not checked in `HeadTokens.hs` that the datums of the outputs at the `initial` validator are equal to the real head ID, and it is also not checked in the `off-chain code`. During the `Initial` state of the protocol, if the malicious initializer removes a PT from the Hydra scripts it becomes impossible for any other participant to reclaim any funds they have attempted to commit into the head, as to do so the Abort transaction must burn all the PTs for the head, but they cannot burn the PT which the attacker controls and so cannot satisfy this requirement. That means the initializer can lock the other participants' committed funds forever or until they choose to return the PT (ransom). The malicious initializer can also use the PT to spoof that they have committed a particular TxO when progressing the head into the `Open` state. For example, they could say they committed a TxO residing at their address containing 100 ADA, but in fact this 100 ADA was not moved into the head, and thus in order for another participant to perform the fanout they will be forced to pay the attacker the 100 ADA out of their own funds, as the fanout transaction must pay all the committed TxOs (even though the attacker did not really commit that TxO). They can do this by placing the PT in a UTxO with a well-formed `Commit` datum with whatever contents they like, then use this UTxO in the `collectCom` transaction. There may be other possible ways to abuse having control of a PT. Version 0.13.0 fixes this issue. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42449 |
CVE-2023-40537 | An authenticated user's session cookie may remain valid for a limited time after logging out from the BIG-IP Configuration utility on a multi-blade VIPRION platform. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40537 |
CVE-2023-38166 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38166 |
CVE-2023-41765 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41765 |
CVE-2023-41767 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41767 |
CVE-2023-41768 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41768 |
CVE-2023-41769 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41769 |
CVE-2023-41770 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41770 |
CVE-2023-41771 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41771 |
CVE-2023-41773 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41773 |
CVE-2023-41774 | Layer 2 Tunneling Protocol Remote Code Execution Vulnerability | 8.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41774 |
CVE-2023-22647 | An Improper Privilege Management vulnerability in SUSE Rancher allowed standard users to leverage their existing permissions to manipulate Kubernetes secrets in the local cluster, resulting in the secret being deleted, but their read-level permissions to the secret being preserved. When this operation was followed-up by other specially crafted commands, it could result in the user gaining access to tokens belonging to service accounts in the local cluster. This issue affects Rancher: from >= 2.6.0 before < 2.6.13, from >= 2.7.0 before < 2.7.4. | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22647 |
CVE-2023-36778 | Microsoft Exchange Server Remote Code Execution Vulnerability | 8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36778 |
CVE-2018-10878 | A flaw was found in the Linux kernel's ext4 filesystem. A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-10878 |
CVE-2019-0053 | Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-0053 |
CVE-2019-19726 | OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2019-19726 |
CVE-2021-1260 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1260 |
CVE-2021-1261 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1261 |
CVE-2021-1262 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1262 |
CVE-2021-1263 | Multiple vulnerabilities in Cisco SD-WAN products could allow an authenticated attacker to perform command injection attacks against an affected device, which could allow the attacker to take certain actions with root privileges on the device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-1263 |
CVE-2021-21551 | Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2021-21551 |
CVE-2022-20716 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper access control on files within the affected system. A local attacker could exploit this vulnerability by modifying certain files on the vulnerable device. If successful, the attacker could gain escalated privileges and take actions on the system with the privileges of the root user. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-20716 |
CVE-2022-24287 | A vulnerability has been identified in SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions < V9.0 SP3 UC06), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP1 UC01), SIMATIC WinCC Runtime Professional V16 and earlier (All versions), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Upd4), SIMATIC WinCC V7.3 (All versions), SIMATIC WinCC V7.4 (All versions < V7.4 SP 1 Update 21), SIMATIC WinCC V7.5 (All versions < V7.5 SP 2 Update 8). A missing printer configuration on the host could allow an authenticated attacker to escape the WinCC Kiosk Mode. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-24287 |
CVE-2018-25078 | man-db before 2.8.5 on Gentoo allows local users (with access to the man user account) to gain root privileges because /usr/bin/mandb is executed by root but not owned by root. (Also, the owner can strip the setuid and setgid bits.) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2018-25078 |
CVE-2023-1829 | A use-after-free vulnerability in the Linux Kernel traffic control index filter (tcindex) can be exploited to achieve local privilege escalation. The tcindex_delete function does not properly deactivate filters in the case of perfect hashes while deleting the underlying structure, which can later lead to double freeing the structure. A local attacker can use this vulnerability to elevate their privileges to root. We recommend upgrading past commit 8c710f75256bb3cf05ac7b1672c82b92c43f3d28. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1829 |
CVE-2023-3111 | A use after free vulnerability was found in prepare_to_relocate in fs/btrfs/relocation.c in btrfs in the Linux Kernel. This possible flaw can be triggered by calling btrfs_ioctl_balance() before calling btrfs_ioctl_defrag(). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3111 |
CVE-2023-3269 | A vulnerability exists in the memory management subsystem of the Linux kernel. The lock handling for accessing and updating virtual memory areas (VMAs) is incorrect, leading to use-after-free problems. This issue can be successfully exploited to execute arbitrary kernel code, escalate containers, and gain root privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3269 |
CVE-2023-4004 | A use-after-free flaw was found in the Linux kernel's netfilter in the way a user triggers the nft_pipapo_remove function with the element, without a NFT_SET_EXT_KEY_END. This issue could allow a local user to crash the system or potentially escalate their privileges on the system. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4004 |
CVE-2023-4128 | A use-after-free flaw was found in net/sched/cls_fw.c in classifiers (cls_fw, cls_u32, and cls_route) in the Linux Kernel. This flaw allows a local attacker to perform a local privilege escalation due to incorrect handling of the existing filter, leading to a kernel information leak issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4128 |
CVE-2023-40303 | GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40303 |
CVE-2023-21235 | In onCreate of LockSettingsActivity.java, there is a possible way to set a new lockscreen PIN without entering the existing PIN due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21235 |
CVE-2022-45703 | Heap buffer overflow vulnerability in binutils readelf before 2.40 via function display_debug_section in file readelf.c. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-45703 |
CVE-2023-4504 | Due to failure in validating the length provided by an attacker-crafted PPD PostScript document, CUPS and libppd are susceptible to a heap-based buffer overflow and possibly code execution. This issue has been fixed in CUPS version 2.4.7, released in September of 2023. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4504 |
CVE-2023-32377 | A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32377 |
CVE-2023-32396 | This issue was addressed with improved checks. This issue is fixed in Xcode 15, tvOS 17, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to gain elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-32396 |
CVE-2023-40409 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-40409 |
CVE-2023-41174 | The issue was addressed with improved memory handling. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41174 |
CVE-2023-41984 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41984 |
CVE-2023-41995 | A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to execute arbitrary code with kernel privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41995 |
CVE-2023-44464 | pretix before 2023.7.2 allows Pillow to parse EPS files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44464 |
CVE-2023-37605 | Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-37605 |
CVE-2023-43361 | Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43361 |
CVE-2023-5345 | A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation. In case of an error in smb3_fs_context_parse_param, ctx->password was freed but the field was not set to NULL which could lead to double free. We recommend upgrading past commit e6e43b8aa7cd3c3af686caf0c2e11819a886d705. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-5345 |
CVE-2023-21673 | Improper Access to the VM resource manager can lead to Memory Corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21673 |
CVE-2023-22384 | Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ). | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22384 |
CVE-2023-24844 | Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24844 |
CVE-2023-24850 | Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24850 |
CVE-2023-24853 | Memory Corruption in HLOS while registering for key provisioning notify. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-24853 |
CVE-2023-28539 | Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-28539 |
CVE-2023-33029 | Memory corruption in DSP Service during a remote call from HLOS to DSP. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33029 |
CVE-2023-33034 | Memory corruption while parsing the ADSP response command. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33034 |
CVE-2023-33035 | Memory corruption while invoking callback function of AFE from ADSP. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33035 |
CVE-2023-33039 | Memory corruption in Automotive Display while destroying the image handle created using connected display driver. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-33039 |
CVE-2023-44217 | A local privilege escalation vulnerability in SonicWall Net Extender MSI client for Windows 10.2.336 and earlier versions allows a local low-privileged user to gain system privileges through running repair functionality. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44217 |
CVE-2023-44218 | A flaw within the SonicWall NetExtender Pre-Logon feature enables an unauthorized user to gain access to the host Windows operating system with 'SYSTEM' level privileges, leading to a local privilege escalation (LPE) vulnerability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44218 |
CVE-2023-4911 | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4911 |
CVE-2023-30692 | Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30692 |
CVE-2023-30738 | An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30738 |
CVE-2023-22618 | If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-22618 |
CVE-2023-3665 | A code injection vulnerability in Trellix ENS 10.7.0 April 2023 release and earlier allowed a local user to disable the ENS AMSI component via environment variables, leading to denial of service and/or the execution of arbitrary code. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3665 |
CVE-2023-4237 | A flaw was found in the Ansible Automation Platform. When creating a new keypair, the ec2_key module prints out the private key directly to the standard output. This flaw allows an attacker to fetch those keys from the log files, compromising the system's confidentiality, integrity, and availability. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4237 |
CVE-2023-43838 | An arbitrary file upload vulnerability in Personal Management System v1.4.64 allows attackers to execute arbitrary code via uploading a crafted SVG file into a user profile's avatar. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43838 |
CVE-2023-42824 | The issue was addressed with improved checks. This issue is fixed in iOS 17.0.3 and iPadOS 17.0.3, iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 16.6. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-42824 |
CVE-2023-44209 | Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29051. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44209 |
CVE-2023-43799 | Altair is a GraphQL Client. Prior to version 5.2.5, the Altair GraphQL Client Desktop Application does not sanitize external URLs before passing them to the underlying system. Moreover, Altair GraphQL Client also does not isolate the context of the renderer process. This affects versions of the software running on MacOS, Windows, and Linux. Version 5.2.5 fixes this issue. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43799 |
CVE-2023-43069 | Dell SmartFabric Storage Software v1.4 (and earlier) contain(s) an OS Command Injection Vulnerability in the CLI. An authenticated local attacker could potentially exploit this vulnerability, leading to possible injection of parameters to curl or docker. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43069 |
CVE-2023-43072 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an improper access control vulnerability in the CLI. A local, possibly unauthenticated attacker could potentially exploit this vulnerability, leading to the ability to execute arbitrary shell commands. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43072 |
CVE-2023-36123 | Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36123 |
CVE-2022-30527 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application assigns improper access rights to specific folders containing executable files and libraries. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-30527 |
CVE-2023-30900 | A vulnerability has been identified in Xpedition Layout Browser (All versions < VX.2.14). Affected application contains a stack overflow vulnerability when parsing a PCB file. An attacker can leverage this vulnerability to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-30900 |
CVE-2023-44081 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44081 |
CVE-2023-44082 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44082 |
CVE-2023-44083 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44083 |
CVE-2023-44084 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44084 |
CVE-2023-44085 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44085 |
CVE-2023-44086 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44086 |
CVE-2023-44087 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44087 |
CVE-2023-45204 | A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a type confusion vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21268) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45204 |
CVE-2023-45205 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.20). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to inject arbitrary code and escalate privileges to `NT AUTHORITY/SYSTEM`. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45205 |
CVE-2023-45601 | A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.262), Parasolid V35.1 (All versions < V35.1.250), Parasolid V36.0 (All versions < V36.0.169), Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain a stack overflow vulnerability while parsing specially crafted IGS files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21290) | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-45601 |
CVE-2023-43611 | The BIG-IP Edge Client Installer on macOS does not follow best practices for elevating privileges during the installation process. This vulnerability is due to an incomplete fix for CVE-2023-38418. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43611 |
CVE-2023-36417 | Microsoft SQL ODBC Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36417 |
CVE-2023-36418 | Azure RTOS GUIX Studio Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36418 |
CVE-2023-36436 | Windows MSHTML Platform Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36436 |
CVE-2023-36557 | PrintHTML API Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36557 |
CVE-2023-36593 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36593 |
CVE-2023-36594 | Windows Graphics Component Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36594 |
CVE-2023-36598 | Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36598 |
CVE-2023-36701 | Microsoft Resilient File System (ReFS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36701 |
CVE-2023-36702 | Microsoft DirectMusic Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36702 |
CVE-2023-36704 | Windows Setup Files Cleanup Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36704 |
CVE-2023-36710 | Windows Media Foundation Core Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36710 |
CVE-2023-36711 | Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36711 |
CVE-2023-36712 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36712 |
CVE-2023-36718 | Microsoft Virtual Trusted Platform Module Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36718 |
CVE-2023-36723 | Windows Container Manager Service Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36723 |
CVE-2023-36725 | Windows Kernel Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36725 |
CVE-2023-36726 | Windows Internet Key Exchange (IKE) Extension Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36726 |
CVE-2023-36729 | Named Pipe File System Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36729 |
CVE-2023-36730 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36730 |
CVE-2023-36731 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36731 |
CVE-2023-36732 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36732 |
CVE-2023-36737 | Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36737 |
CVE-2023-36743 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36743 |
CVE-2023-36785 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36785 |
CVE-2023-36790 | Windows RDP Encoder Mirror Driver Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36790 |
CVE-2023-41766 | Windows Client Server Run-time Subsystem (CSRSS) Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41766 |
CVE-2023-41772 | Win32k Elevation of Privilege Vulnerability | 7.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41772 |
CVE-2022-34821 | A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (All versions < V7.2), RUGGEDCOM RM1224 LTE(4G) NAM (All versions < V7.2), SCALANCE M804PB (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M812-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex A) (All versions < V7.2), SCALANCE M816-1 ADSL-Router (Annex B) (All versions < V7.2), SCALANCE M826-2 SHDSL-Router (All versions < V7.2), SCALANCE M874-2 (All versions < V7.2), SCALANCE M874-3 (All versions < V7.2), SCALANCE M876-3 (EVDO) (All versions < V7.2), SCALANCE M876-3 (ROK) (All versions < V7.2), SCALANCE M876-4 (All versions < V7.2), SCALANCE M876-4 (EU) (All versions < V7.2), SCALANCE M876-4 (NAM) (All versions < V7.2), SCALANCE MUM853-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (EU) (All versions < V7.2), SCALANCE MUM856-1 (RoW) (All versions < V7.2), SCALANCE S615 (All versions < V7.2), SCALANCE S615 EEC (All versions < V7.2), SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0), SCALANCE WAM763-1 (All versions), SCALANCE WAM766-1 (EU) (All versions), SCALANCE WAM766-1 (US) (All versions), SCALANCE WAM766-1 EEC (EU) (All versions), SCALANCE WAM766-1 EEC (US) (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM763-1 (All versions), SCALANCE WUM766-1 (EU) (All versions), SCALANCE WUM766-1 (US) (All versions), SIMATIC CP 1242-7 V2 (All versions < V3.3.46), SIMATIC CP 1243-1 (All versions < V3.3.46), SIMATIC CP 1243-7 LTE EU (All versions < V3.3.46), SIMATIC CP 1243-7 LTE US (All versions < V3.3.46), SIMATIC CP 1243-8 IRC (All versions < V3.3.46), SIMATIC CP 1542SP-1 IRC (All versions >= V2.0 < V2.2.28), SIMATIC CP 1543-1 (All versions < V3.0.22), SIMATIC CP 1543SP-1 (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC (All versions >= V2.0 < V2.2.28), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (All versions >= V2.0 < V2.2.28), SIPLUS NET CP 1242-7 V2 (All versions < V3.3.46), SIPLUS NET CP 1543-1 (All versions < V3.0.22), SIPLUS S7-1200 CP 1243-1 (All versions < V3.3.46), SIPLUS S7-1200 CP 1243-1 RAIL (All versions < V3.3.46). By injecting code to specific configuration options for OpenVPN, an attacker could execute arbitrary code with elevated privileges. | 7.6 | https://nvd.nist.gov/vuln/detail/CVE-2022-34821 |
CVE-2016-1000338 | In Bouncy Castle JCE Provider version 1.55 and earlier the DSA does not fully validate ASN.1 encoding of signature on verification. It is possible to inject extra elements in the sequence making up the signature and still have it validate, which in some cases may allow the introduction of 'invisible' data into a signed structure. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2016-1000338 |
CVE-2019-11324 | The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-11324 |
CVE-2019-14232 | An issue was discovered in Django 1.11.x before 1.11.23, 2.1.x before 2.1.11, and 2.2.x before 2.2.4. If django.utils.text.Truncator's chars() and words() methods were passed the html=True argument, they were extremely slow to evaluate certain inputs due to a catastrophic backtracking vulnerability in a regular expression. The chars() and words() methods are used to implement the truncatechars_html and truncatewords_html template filters, which were thus vulnerable. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-14232 |
CVE-2020-4031 | In FreeRDP before version 2.1.2, there is a use-after-free in gdi_SelectObject. All FreeRDP clients using compatibility mode with /relax-order-checks are affected. This is fixed in version 2.1.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4031 |
CVE-2021-1278 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1278 |
CVE-2021-1241 | Multiple vulnerabilities in Cisco SD-WAN products could allow an unauthenticated, remote attacker to execute denial of service (DoS) attacks against an affected device. For more information about these vulnerabilities, see the Details section of this advisory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1241 |
CVE-2020-27632 | In SIMATIC MV400 family versions prior to v7.0.6, the ISN generator is initialized with a constant value and has constant increments. An attacker could predict and hijack TCP sessions. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-27632 |
CVE-2022-23223 | On Apache ShenYu versions 2.4.0 and 2.4.1, an endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-23223 |
CVE-2022-29534 | An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can be bypassed via vectors involving an "Accept: application/json" header. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-29534 |
CVE-2022-34180 | Jenkins Embeddable Build Status Plugin 2.0.3 and earlier does not correctly perform the ViewStatus permission check in the HTTP endpoint it provides for "unprotected" status badge access, allowing attackers without any permissions to obtain the build status badge icon for any attacker-specified job and/or build. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34180 |
CVE-2022-41916 | Heimdal is an implementation of ASN.1/DER, PKIX, and Kerberos. Versions prior to 7.7.1 are vulnerable to a denial of service vulnerability in Heimdal's PKI certificate validation library, affecting the KDC (via PKINIT) and kinit (via PKINIT), as well as any third-party applications using Heimdal's libhx509. Users should upgrade to Heimdal 7.7.1 or 7.8. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-41916 |
CVE-2021-44758 | Heimdal before 7.7.1 allows attackers to cause a NULL pointer dereference in a SPNEGO acceptor via a preferred_mech_type of GSS_C_NO_OID and a nonzero initial_response value to send_accept. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-44758 |
CVE-2022-46285 | A flaw was found in libXpm. This issue occurs when parsing a file with a comment not closed; the end-of-file condition will not be detected, leading to an infinite loop and resulting in a Denial of Service in the application linked to the library. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46285 |
CVE-2022-46663 | In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46663 |
CVE-2022-45142 | The fix for CVE-2022-3437 included changing memcmp to be constant time and a workaround for a compiler bug by adding "!= 0" comparisons to the result of memcmp. When these patches were backported to the heimdal-7.7.1 and heimdal-7.8.0 branches (and possibly other branches) a logic inversion sneaked in causing the validation of message integrity codes in gssapi/arcfour to be inverted. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-45142 |
CVE-2023-32067 | c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patched in version 1.19.1. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32067 |
CVE-2023-39003 | OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 was discovered to contain insecure permissions in the directory /tmp. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39003 |
CVE-2023-39005 | Insecure permissions exist for configd.socket in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39005 |
CVE-2020-22218 | An issue was discovered in function _libssh2_packet_add in libssh2 1.10.0 that allows attackers to access out of bounds memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-22218 |
CVE-2020-35342 | GNU Binutils before 2.34 has an uninitialized-heap vulnerability in function tic4x_print_cond (file opcodes/tic4x-dis.c) which could allow attackers to make an information leak. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-35342 |
CVE-2023-41105 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41105 |
CVE-2023-32559 | A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` to run arbitrary code outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32559 |
CVE-2021-32050 | Some MongoDB Drivers may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when specific authentication-related commands are executed. Without due care, an application may inadvertently expose this sensitive information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C Driver 1.0.0 prior to 1.17.7, MongoDB PHP Driver 1.0.0 prior to 1.9.2, MongoDB Swift Driver 1.0.0 prior to 1.1.1, MongoDB Node.js Driver 3.6 prior to 3.6.10, MongoDB Node.js Driver 4.0 prior to 4.17.0 and MongoDB Node.js Driver 5.0 prior to 5.8.0. This issue also affects users of the MongoDB C++ Driver dependent on the C driver 1.0.0 prior to 1.17.7 (C++ driver prior to 3.7.0). | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-32050 |
CVE-2023-40589 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. In affected versions there is a Global-Buffer-Overflow in the ncrush_decompress function. Feeding crafted input into this function can trigger the overflow which has only been shown to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40589 |
CVE-2023-39350 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. This issue affects Clients only. Integer underflow leading to DOS (e.g. abort due to `WINPR_ASSERT` with default compilation flags). When an insufficient blockLen is provided, and proper length validation is not performed, an Integer Underflow occurs, leading to a Denial of Service (DOS) vulnerability. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39350 |
CVE-2023-39351 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions of FreeRDP are subject to a Null Pointer Dereference leading to a crash in the RemoteFX (rfx) handling. Inside the `rfx_process_message_tileset` function, the program allocates tiles using `rfx_allocate_tiles` for the number of numTiles. If the initialization process of tiles is not completed for various reasons, tiles will have a NULL pointer, which may be accessed in further processing and would cause a program crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39351 |
CVE-2023-39354 | FreeRDP is a free implementation of the Remote Desktop Protocol (RDP), released under the Apache license. Affected versions are subject to an Out-Of-Bounds Read in the `nsc_rle_decompress_data` function. The Out-Of-Bounds Read occurs because it processes `context->Planes` without checking if it contains data of sufficient length. Should an attacker be able to leverage this vulnerability they may be able to cause a crash. This issue has been addressed in versions 2.11.0 and 3.0.0-beta3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39354 |
CVE-2023-4540 | Improper Handling of Exceptional Conditions vulnerability in Daurnimator lua-http library allows Excessive Allocation and a denial of service (DoS) attack to be executed by sending a properly crafted request to the server. This issue affects lua-http: all versions before commit ddab283. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4540 |
CVE-2023-41594 | Dairy Farm Shop Management System Using PHP and MySQL v1.1 was discovered to contain multiple SQL injection vulnerabilities in the Login function via the Username and Password parameters. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41594 |
CVE-2023-30995 | IBM Aspera Faspex 4.0 through 4.4.2 and 5.0 through 5.0.5 could allow a malicious actor to bypass IP whitelist restrictions using a specially crafted HTTP request. IBM X-Force ID: 254268. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30995 |
CVE-2023-4278 | The MasterStudy LMS WordPress Plugin WordPress plugin before 3.0.18 does not have proper checks in place during registration allowing anyone to register on the site as an instructor. They can then add courses and/or posts. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4278 |
CVE-2023-28831 | The OPC UA implementations (ANSI C and C++) in affected products contain an integer overflow vulnerability that could cause the application to run into an infinite loop during certificate validation. This could allow an unauthenticated remote attacker to create a denial of service condition by sending a specially crafted certificate. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28831 |
CVE-2023-43783 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/cadence-wineasio.reg Temporary File. The filename is used even if it has been created by a local adversary before Cadence started. The adversary can leverage this to create or overwrite files via a symlink attack. In some kernel configurations, code injection into the Wine registry is possible. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43783 |
CVE-2023-5156 | A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5156 |
CVE-2023-20187 | A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20187 |
CVE-2023-20226 | A vulnerability in Application Quality of Experience (AppQoE) and Unified Threat Defense (UTD) on Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. This vulnerability is due to the mishandling of a crafted packet stream through the AppQoE or UTD application. An attacker could exploit this vulnerability by sending a crafted packet stream through an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20226 |
CVE-2023-20227 | A vulnerability in the Layer 2 Tunneling Protocol (L2TP) feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of certain L2TP packets. An attacker could exploit this vulnerability by sending crafted L2TP packets to an affected device. A successful exploit could allow the attacker to cause the device to reload unexpectedly, resulting in a DoS condition. Note: Only traffic directed to the affected system can be used to exploit this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20227 |
CVE-2023-5256 | In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation. This vulnerability only affects sites with the JSON:API module enabled, and can be mitigated by uninstalling JSON:API. The core REST and contributed GraphQL modules are not affected. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5256 |
CVE-2023-39410 | When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system. This issue affects Java applications using Apache Avro Java SDK up to and including 1.11.2. Users should update to apache-avro version 1.11.3 which addresses this issue. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39410 |
CVE-2023-5296 | A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak password recovery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-240926 is the identifier assigned to this vulnerability. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5296 |
CVE-2023-5297 | A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240927. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5297 |
CVE-2023-44488 | VP9 in libvpx before 1.13.1 mishandles widths, leading to a crash related to encoding. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44488 |
CVE-2023-3768 | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3768 |
CVE-2023-5106 | An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer group imports. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5106 |
CVE-2023-41580 | Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a crafted POST request. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41580 |
CVE-2023-3769 | Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MMS protocol when initiating communication, achieving a complete system reboot of the device and its services. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3769 |
CVE-2023-3592 | In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3592 |
CVE-2023-5344 | Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5344 |
CVE-2023-3967 | Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3967 |
CVE-2023-26150 | Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication. **Note:** This issue is a result of missing checks for services that require an active session. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26150 |
CVE-2023-26151 | Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26151 |
CVE-2023-26152 | All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26152 |
CVE-2023-24843 | Transient DOS in Modem while triggering a camping on a 5G cell. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24843 |
CVE-2023-24847 | Transient DOS in Modem while allocating DSM items. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24847 |
CVE-2023-24848 | Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24848 |
CVE-2023-24849 | Information Disclosure in data Modem while parsing an FMTP line in an SDP message. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-24849 |
CVE-2023-28540 | Cryptographic issue in Data Modem due to improper authentication during TLS handshake. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28540 |
CVE-2023-33026 | Transient DOS in WLAN Firmware while parsing a NAN management frame. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33026 |
CVE-2023-33027 | Transient DOS in WLAN Firmware while parsing rsn ies. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-33027 |
CVE-2023-3655 | cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows the database (system settings, user accounts,...) to be leaked. This vulnerability can be triggered by an HTTP endpoint exposed to the network. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3655 |
CVE-2022-47892 | All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-47892 |
CVE-2023-3349 | Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Service/status.html, the application enables the logging mechanism by generating the log file, which can be downloaded. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3349 |
CVE-2023-3350 | A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes coded with AES-CBC-128 bits algorithm, which can be decrypted with a .NET function, obtaining the username's password in plain text. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3350 |
CVE-2023-4882 | DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the service to crash. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4882 |
CVE-2023-4883 | Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_sbi_message_free function, which could cause a service outage. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4883 |
CVE-2023-4884 | An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4884 |
CVE-2023-5255 | For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5255 |
CVE-2022-22447 | IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-22447 |
CVE-2023-30727 | Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30727 |
CVE-2023-1584 | A flaw was found in Quarkus. Quarkus OIDC can leak both ID and access tokens in the authorization code flow when an insecure HTTP protocol is used, which can allow attackers to access sensitive user data directly from the ID token or by using the access token to access user data from OIDC provider services. Please note that passwords are not stored in access tokens. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-1584 |
CVE-2023-3512 | Relative path traversal vulnerability in Setelsa Security's ConacWin CB, in its 3.8.2.2 version and earlier, the exploitation of which could allow an attacker to perform an arbitrary download of files from the system via the "Download file" parameter. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3512 |
CVE-2023-3038 | SQL injection vulnerability in HelpDezk Community affecting version 1.1.10. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the rows parameter of the jsonGrid route and extract all the information stored in the application. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3038 |
CVE-2023-3361 | A flaw was found in Red Hat OpenShift Data Science. When exporting a pipeline from the Elyra notebook pipeline editor as Python DSL or YAML, it reads S3 credentials from the cluster (ds pipeline server) and saves them in plain text in the generated output instead of an ID for a Kubernetes secret. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3361 |
CVE-2023-43809 | Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification, for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To work around this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43809 |
CVE-2023-44828 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the CurrentPassword parameter in the CheckPasswdSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44828 |
CVE-2023-44829 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the AdminPassword parameter in the SetDeviceSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44829 |
CVE-2023-44830 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the EndTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44830 |
CVE-2023-44831 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Type parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44831 |
CVE-2023-44832 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the MacAddress parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44832 |
CVE-2023-44833 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the GuardInt parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44833 |
CVE-2023-44834 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the StartTime parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44834 |
CVE-2023-44835 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Mac parameter in the SetParentsControlInfo function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44835 |
CVE-2023-44836 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SSID parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44836 |
CVE-2023-44837 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Password parameter in the SetWanSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44837 |
CVE-2023-44838 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the TXPower parameter in the SetWLanRadioSettings function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44838 |
CVE-2023-44839 | D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Encryption parameter in the SetWLanRadioSecurity function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44839 |
CVE-2022-33160 | IBM Security Directory Suite 8.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228568. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-33160 |
CVE-2023-42796 | A vulnerability has been identified in CP-8031 MASTER MODULE (All versions < CPCI85 V05.11), CP-8050 MASTER MODULE (All versions < CPCI85 V05.11). The web server of affected devices fails to properly sanitize user input for the /sicweb-ajax/tmproot/ endpoint. This could allow an authenticated remote attacker to traverse directories on the system and download arbitrary files. By exploring active session IDs, the vulnerability could potentially be leveraged to escalate privileges to the administrator role. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42796 |
CVE-2023-40534 | When a client-side HTTP/2 profile and the HTTP MRF Router option are enabled for a virtual server, and an iRule using the HTTP_REQUEST event or Local Traffic Policy are associated with the virtual server, undisclosed requests can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40534 |
CVE-2023-40542 | When TCP Verified Accept is enabled on a TCP profile that is configured on a Virtual Server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40542 |
CVE-2023-41085 | When IPSec is configured on a Virtual Server, undisclosed traffic can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41085 |
CVE-2023-36431 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36431 |
CVE-2023-36435 | Microsoft QUIC Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36435 |
CVE-2023-36438 | Windows TCP/IP Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36438 |
CVE-2023-36567 | Windows Deployment Services Information Disclosure Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36567 |
CVE-2023-36579 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36579 |
CVE-2023-36581 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36581 |
CVE-2023-36585 | Active Template Library Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36585 |
CVE-2023-36602 | Windows TCP/IP Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36602 |
CVE-2023-36603 | Windows TCP/IP Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36603 |
CVE-2023-36606 | Microsoft Message Queuing Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36606 |
CVE-2023-36703 | DHCP Server Service Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36703 |
CVE-2023-36709 | Microsoft AllJoyn API Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36709 |
CVE-2023-36720 | Windows Mixed Reality Developer Tools Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36720 |
CVE-2023-38171 | Microsoft QUIC Denial of Service Vulnerability | 7.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38171 |
CVE-2023-4586 | A vulnerability was found in the Hot Rod client. This security issue occurs as the Hot Rod client does not enable hostname validation when using TLS, possibly resulting in a man-in-the-middle (MITM) attack. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4586 |
CVE-2023-45226 | The BIG-IP SPK TMM (Traffic Management Module) f5-debug-sidecar and f5-debug-sshd containers contain hardcoded credentials that may allow an attacker with the ability to intercept traffic to impersonate the SPK Secure Shell (SSH) server on those containers. This is only exposed when ssh debug is enabled. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45226 |
CVE-2023-36605 | Windows Named Pipe Filesystem Elevation of Privilege Vulnerability | 7.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36605 |
CVE-2015-8955 | arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2015-8955 |
CVE-2022-25311 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected software does not properly check privileges between users during the same web browser session, creating an unintended sphere of control. This could allow an authenticated low privileged user to achieve privilege escalation. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25311 |
CVE-2023-5450 | An insufficient verification of data vulnerability exists in BIG-IP Edge Client Installer on macOS that may allow an attacker elevation of privileges during the installation process. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5450 |
CVE-2023-36420 | Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36420 |
CVE-2023-36561 | Azure DevOps Server Elevation of Privilege Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36561 |
CVE-2023-36570 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36570 |
CVE-2023-36571 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36571 |
CVE-2023-36572 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36572 |
CVE-2023-36573 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36573 |
CVE-2023-36574 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36574 |
CVE-2023-36575 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36575 |
CVE-2023-36578 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36578 |
CVE-2023-36582 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36582 |
CVE-2023-36583 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36583 |
CVE-2023-36589 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36589 |
CVE-2023-36590 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36590 |
CVE-2023-36591 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36591 |
CVE-2023-36592 | Microsoft Message Queuing Remote Code Execution Vulnerability | 7.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-36592 |
CVE-2022-24282 | A vulnerability has been identified in SINEC NMS (All versions >= V1.0.3 < V2.0), SINEC NMS (All versions < V1.0.3), SINEMA Server V14 (All versions). The affected system allows to upload JSON objects that are deserialized to Java objects. Due to insecure deserialization of user-supplied content by the affected software, a privileged attacker could exploit this vulnerability by sending a maliciously crafted serialized Java object. This could allow the attacker to execute arbitrary code on the device with root privileges. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2022-24282 |
CVE-2023-1985 | A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. This issue affects the function save_brand of the file /classes/Master.php?f=save_brand. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-225533 was assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1985 |
CVE-2023-1986 | A vulnerability, which was classified as critical, was found in SourceCodester Online Computer and Laptop Store 1.0. Affected is the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-225534 is the identifier assigned to this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1986 |
CVE-2023-1987 | A vulnerability has been found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. Affected by this vulnerability is the function update_order_status of the file /classes/Master.php?f=update_order_status. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-225535. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-1987 |
CVE-2023-39362 | Cacti is an open source operational monitoring and fault management framework. In Cacti 1.2.24, under certain conditions, an authenticated privileged user, can use a malicious string in the SNMP options of a Device, performing command injection and obtaining remote code execution on the underlying server. The `lib/snmp.php` file has a set of functions, with similar behavior, that accept in input some variables and place them into an `exec` call without a proper escape or validation. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-39362 |
CVE-2023-32972 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later; QTS 5.1.0.2444 build 20230629 and later; QTS 4.5.4.2467 build 20230718 and later; QuTS hero h5.0.1.2515 build 20230907 and later; QuTS hero h5.1.0.2424 build 20230609 and later; QuTS hero h4.5.4.2476 build 20230728 and later; QuTScloud c5.1.0.2498 and later. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-32972 |
CVE-2023-42768 | When a non-admin user has been assigned an administrator role via an iControl REST PUT request and later the user's role is reverted back to a non-admin role via the Configuration utility, tmsh, or iControl REST, the BIG-IP non-admin user can still have access to iControl REST admin resource. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-42768 |
CVE-2023-36780 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36780 |
CVE-2023-36786 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36786 |
CVE-2023-36789 | Skype for Business Remote Code Execution Vulnerability | 7.2 | https://nvd.nist.gov/vuln/detail/CVE-2023-36789 |
CVE-2020-13396 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in ntlm_read_ChallengeMessage in winpr/libwinpr/sspi/NTLM/ntlm_message.c. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-13396 |
CVE-2022-0850 | A vulnerability was found in the Linux kernel, where an information leak occurs via ext4_extent_header to userspace. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-0850 |
CVE-2022-3202 | A NULL pointer dereference flaw in diFree in fs/jfs/inode.c in Journaled File System (JFS) in the Linux kernel. This could allow a local attacker to crash the system or leak kernel internal information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-3202 |
CVE-2022-41858 | A flaw was found in the Linux kernel. A NULL pointer dereference may occur while a slip driver is in progress to detach in sl_tx_timeout in drivers/net/slip/slip.c. This issue could allow an attacker to crash the system or leak internal kernel information. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-41858 |
CVE-2023-24518 | A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versions on all platforms. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-24518 |
CVE-2023-5369 | Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally require the CAP_SEEK capability. This incorrect privilege check enabled sandboxed processes with only read or write but no seek capability on a file descriptor to read data from or write data to an arbitrary location within the file corresponding to that file descriptor. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5369 |
CVE-2023-5377 | Out-of-bounds Read in GitHub repository gpac/gpac prior to v2.2.2-DEV. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5377 |
CVE-2023-2422 | A flaw was found in Keycloak. A Keycloak server configured to support mTLS authentication for OAuth/OpenID clients does not properly verify the client certificate chain. A client that possesses a proper certificate can authorize itself as any other client, therefore, access data that belongs to other clients. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2422 |
CVE-2023-44211 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31637. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44211 |
CVE-2023-44212 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 31477. | 7.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44212 |
CVE-2019-11486 | The Siemens R3964 line discipline driver in drivers/tty/n_r3964.c in the Linux kernel before 5.0.8 has multiple race conditions. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2019-11486 |
CVE-2020-25668 | A flaw was found in Linux Kernel because access to the global variable fg_console is not properly synchronized leading to a use after free in con_font_op. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2020-25668 |
CVE-2021-4083 | A read-after-free memory flaw was found in the Linux kernel's garbage collection for Unix domain socket file handlers in the way users call close() and fget() simultaneously and can potentially trigger a race condition. This flaw allows a local user to crash the system or escalate their privileges on the system. This flaw affects Linux kernel versions prior to 5.16-rc4. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-4083 |
CVE-2021-3640 | A use-after-free flaw in the function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way a user calls ioctl UFFDIO_REGISTER or otherwise triggers a race condition between the call sco_conn_del() and the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 7 | https://nvd.nist.gov/vuln/detail/CVE-2021-3640 |
CVE-2023-36565 | Microsoft Office Graphics Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36565 |
CVE-2023-36568 | Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36568 |
CVE-2023-36721 | Windows Error Reporting Service Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36721 |
CVE-2023-36776 | Win32k Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36776 |
CVE-2023-36902 | Windows Runtime Remote Code Execution Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36902 |
CVE-2023-38159 | Windows Graphics Component Elevation of Privilege Vulnerability | 7 | https://nvd.nist.gov/vuln/detail/CVE-2023-38159 |
CVE-2020-11039 | In FreeRDP less than or equal to 2.0.0, when using a manipulated server with USB redirection enabled (nearly) arbitrary memory can be read and written due to integer overflows in length checks. This has been patched in 2.1.0. | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2020-11039 |
CVE-2023-36697 | Microsoft Message Queuing Remote Code Execution Vulnerability | 6.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-36697 |
CVE-2020-27777 | A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down (usually due to Secure Boot) guest system running on top of PowerVM or KVM hypervisors (pseries platform) a root like local user could use this flaw to further increase their privileges to that of a running kernel. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-27777 |
CVE-2021-28972 | In drivers/pci/hotplug/rpadlpar_sysfs.c in the Linux kernel through 5.11.8, the RPA PCI Hotplug driver has a user-tolerable buffer overflow when writing a new device name to the driver from userspace, allowing userspace to write data to the kernel stack frame directly. This occurs because add_slot_store and remove_slot_store mishandle drc_name '\0' termination, aka CID-cc7a0bb058b8. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2021-28972 |
CVE-2023-37194 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). The kernel memory of affected devices is exposed to user-mode via direct memory access (DMA) which could allow a local attacker with administrative privileges to execute arbitrary code on the host system without any restrictions. | 6.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-37194 |
CVE-2023-20109 | A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute arbitrary code on an affected device or cause the device to crash. This vulnerability is due to insufficient validation of attributes in the Group Domain of Interpretation (GDOI) and G-IKEv2 protocols of the GET VPN feature. An attacker could exploit this vulnerability by either compromising an installed key server or modifying the configuration of a group member to point to a key server that is controlled by the attacker. A successful exploit could allow the attacker to execute arbitrary code and gain full control of the affected system or cause the affected system to reload, resulting in a denial of service (DoS) condition. For more information, see the Details section of this advisory. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-20109 |
CVE-2023-38640 | A vulnerability has been identified in SICAM PAS/PQS (All versions >= V8.00 < V8.22). The affected application is installed with specific files and folders with insecure permissions. This could allow an authenticated local attacker to read and modify configuration data in the context of the application process. | 6.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38640 |
CVE-2020-11017 | In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11017 |
CVE-2020-11018 | In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. This has been fixed in 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11018 |
CVE-2020-11019 | In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as string to local terminal. This has been fixed in 2.1.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11019 |
CVE-2020-11096 | In FreeRDP before version 2.1.2, there is a global OOB read in update_read_cache_bitmap_v3_order. As a workaround, one can disable bitmap cache with -bitmap-cache (default). This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11096 |
CVE-2020-11098 | In FreeRDP before version 2.1.2, there is an out-of-bound read in glyph_cache_put. This affects all FreeRDP clients with `+glyph-cache` option enabled. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11098 |
CVE-2020-11099 | In FreeRDP before version 2.1.2, there is an out of bounds read in license_read_new_or_upgrade_license_packet. A manipulated license packet can lead to out of bound reads to an internal buffer. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11099 |
CVE-2020-4030 | In FreeRDP before version 2.1.2, there is an out of bounds read in TrioParse. Logging might bypass string length checks due to an integer overflow. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4030 |
CVE-2020-4033 | In FreeRDP before version 2.1.2, there is an out of bounds read in RLEDECOMPRESS. All FreeRDP based clients with sessions with color depth < 32 are affected. This is fixed in version 2.1.2. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-4033 |
CVE-2020-26137 | urllib3 before 1.25.9 allows CRLF injection if the attacker controls the HTTP request method, as demonstrated by inserting CR and LF control characters in the first argument of putrequest(). NOTE: this is similar to CVE-2020-26116. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-26137 |
CVE-2021-1304 | Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization and modify the configuration of an affected system, gain access to sensitive information, and view information that they are not authorized to access. For more information about these vulnerabilities, see the Details section of this advisory. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-1304 |
CVE-2022-25187 | Jenkins Support Core Plugin 2.79 and earlier does not redact some sensitive information in the support bundle. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-25187 |
CVE-2022-27211 | A missing permission check in Jenkins Kubernetes Continuous Deploy Plugin 2.3.1 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-27211 |
CVE-2022-46144 | A vulnerability has been identified in SCALANCE SC622-2C (All versions < V2.3), SCALANCE SC622-2C (All versions >= V2.3 < V3.0), SCALANCE SC626-2C (All versions < V2.3), SCALANCE SC626-2C (All versions >= V2.3 < V3.0), SCALANCE SC632-2C (All versions < V2.3), SCALANCE SC632-2C (All versions >= V2.3 < V3.0), SCALANCE SC636-2C (All versions < V2.3), SCALANCE SC636-2C (All versions >= V2.3 < V3.0), SCALANCE SC642-2C (All versions < V2.3), SCALANCE SC642-2C (All versions >= V2.3 < V3.0), SCALANCE SC646-2C (All versions < V2.3), SCALANCE SC646-2C (All versions >= V2.3 < V3.0). Affected devices do not properly process CLI commands after a user forcefully quitted the SSH connection. This could allow an authenticated attacker to make the CLI via SSH or serial interface irresponsive. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-46144 |
CVE-2022-3437 | A heap-based buffer overflow vulnerability was found in Samba within the GSSAPI unwrap_des() and unwrap_des3() routines of Heimdal. The DES and Triple-DES decryption routines in the Heimdal GSSAPI library allow a length-limited write buffer overflow on malloc() allocated memory when presented with a maliciously small packet. This flaw allows a remote user to send specially crafted malicious data to the application, possibly resulting in a denial of service (DoS) attack. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-3437 |
CVE-2023-22283 | On versions beginning in 7.1.5 to before 7.2.3.1, a DLL hijacking vulnerability exists in the BIG-IP Edge Client for Windows. User interaction and administrative privileges are required to exploit this vulnerability because the victim user needs to run the executable on the system and the attacker requires administrative privileges for modifying the files in the trusted search path. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-22283 |
CVE-2023-2307 | Cross-Site Request Forgery (CSRF) in GitHub repository builderio/qwik prior to 0.104.0. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2307 |
CVE-2023-26782 | An issue discovered in mccms 2.6.1 allows remote attackers to cause a denial of service via Backend management interface ->System Configuration->Cache Configuration->Cache security characters. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-26782 |
CVE-2023-31147 | c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-31147 |
CVE-2023-3932 | An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. It was possible for an attacker to run pipeline jobs as an arbitrary user via scheduled security scan policies. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3932 |
CVE-2023-3180 | A flaw was found in the QEMU virtual crypto device while handling data encryption/decryption requests in virtio_crypto_handle_sym_req. There is no check for the value of `src_len` and `dst_len` in virtio_crypto_sym_op_helper, potentially leading to a heap buffer overflow when the two values differ. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3180 |
CVE-2023-38999 | A Cross-Site Request Forgery (CSRF) in the System Halt API (/system/halt) of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to cause a Denial of Service (DoS) via a crafted GET request. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38999 |
CVE-2020-19185 | Buffer Overflow vulnerability in one_one_mapping function in progs/dump_entry.c:1373 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19185 |
CVE-2020-19186 | Buffer Overflow vulnerability in _nc_find_entry function in tinfo/comp_hash.c:66 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19186 |
CVE-2020-19187 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1100 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19187 |
CVE-2020-19188 | Buffer Overflow vulnerability in fmt_entry function in progs/dump_entry.c:1116 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19188 |
CVE-2020-19189 | Buffer Overflow vulnerability in postprocess_terminfo function in tinfo/parse_entry.c:997 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19189 |
CVE-2020-19190 | Buffer Overflow vulnerability in _nc_find_entry in tinfo/comp_hash.c:70 in ncurses 6.1 allows remote attackers to cause a denial of service via crafted command. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-19190 |
CVE-2021-40266 | FreeImage before 1.18.0, ReadPalette function in PluginTIFF.cpp is vulnerable to null pointer dereference. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2021-40266 |
CVE-2023-4527 | A flaw was found in glibc. When the getaddrinfo function is called with the AF_UNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP larger than 2048 bytes can potentially disclose stack contents through the function returned address data, and may cause a crash. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4527 |
CVE-2023-5169 | A compromised content process could have provided malicious data in a `PathRecording` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5169 |
CVE-2023-5171 | During Ion compilation, a Garbage Collection could have resulted in a use-after-free condition, allowing an attacker to write two NUL bytes, and cause a potentially exploitable crash. This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5171 |
CVE-2023-20202 | A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. This vulnerability is due to improper memory management. An attacker could exploit this vulnerability by sending a series of network requests to an affected device. A successful exploit could allow the attacker to cause the wncd process to consume available memory and eventually cause the device to reload, resulting in a DoS condition. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20202 |
CVE-2023-42822 | xrdp is an open source remote desktop protocol server. Access to the font glyphs in xrdp_painter.c is not bounds-checked. Since some of this data is controllable by the user, this can result in an out-of-bounds read within the xrdp executable. The vulnerability allows an out-of-bounds read within a potentially privileged process. On non-Debian platforms, xrdp tends to run as root. Potentially an out-of-bounds write can follow the out-of-bounds read. There is no denial-of-service impact, providing xrdp is running in forking mode. This issue has been addressed in release 0.9.23.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42822 |
CVE-2023-3024 | Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3024 |
CVE-2023-5324 | A vulnerability has been found in eeroOS up to 6.16.4-11 and classified as critical. This vulnerability affects unknown code of the component Ethernet Interface. The manipulation leads to denial of service. The attack needs to be approached within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241024. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5324 |
CVE-2023-5327 | A vulnerability was found in SATO CL4NX-J Plus 1.13.2-u455_r2. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /rest/dir/. The manipulation of the argument full leads to path traversal. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241028. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5327 |
CVE-2023-43836 | There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43836 |
CVE-2023-4099 | The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4099 |
CVE-2023-4101 | The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4101 |
CVE-2023-32791 | Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is based on the lack of proper validation of the origin of incoming requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32791 |
CVE-2023-32792 | Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of incoming requests. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32792 |
CVE-2023-39159 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39159 |
CVE-2023-40009 | Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40009 |
CVE-2023-40198 | Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40198 |
CVE-2023-40212 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40212 |
CVE-2023-42508 | JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-42508 |
CVE-2023-5353 | Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5353 |
CVE-2023-2544 | Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-2544 |
CVE-2023-39158 | Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-39158 |
CVE-2023-5368 | On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes. This may permit a user with write access to files on a msdosfs filesystem to read unintended data (e.g. from a previously deleted file). | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5368 |
CVE-2023-40376 | IBM UrbanCode Deploy (UCD) 7.1 - 7.1.2.12, 7.2 through 7.2.3.5, and 7.3 through 7.3.2.0 under certain configurations could allow an authenticated user to make changes to environment variables due to improper authentication controls. IBM X-Force ID: 263581. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40376 |
CVE-2023-5371 | RTPS dissector memory leak in Wireshark 4.0.0 to 4.0.8 and 3.6.0 to 3.6.16 allows denial of service via packet injection or crafted capture file | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5371 |
CVE-2023-43793 | Misskey is an open source, decentralized social media platform. Prior to version 2023.9.0, by editing the URL, a user can bypass the authentication of the Bull dashboard, which is the job queue management UI, and access it. Version 2023.9.0 contains a fix. There are no known workarounds. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43793 |
CVE-2023-43070 | Dell SmartFabric Storage Software v1.4 (and earlier) contains a Path Traversal Vulnerability in the HTTP interface. A remote authenticated attacker could potentially exploit this vulnerability, leading to modify or write arbitrary files to arbitrary locations in the license container. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43070 |
CVE-2023-43073 | Dell SmartFabric Storage Software v1.4 (and earlier) contains an Improper Input Validation vulnerability in RADIUS configuration. An authenticated remote attacker could potentially exploit this vulnerability, leading to gaining unauthorized access to data. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43073 |
CVE-2023-40745 | LibTIFF is vulnerable to an integer overflow. This flaw allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-40745 |
CVE-2023-41175 | A vulnerability was found in libtiff due to multiple potential integer overflows in raw2tiff.c. This flaw allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted tiff image, which triggers a heap-based buffer overflow. | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41175 |
CVE-2023-23365 | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23365 |
CVE-2023-23366 | A path traversal vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow authenticated users to read the contents of unexpected files and expose sensitive data via a network. We have already fixed the vulnerability in the following version: Music Station 5.3.22 and later | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23366 |
CVE-2023-29348 | Windows Remote Desktop Gateway (RD Gateway) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-29348 |
CVE-2023-36429 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36429 |
CVE-2023-36433 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36433 |
CVE-2023-36563 | Microsoft WordPad Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36563 |
CVE-2023-36564 | Windows Search Security Feature Bypass Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36564 |
CVE-2023-36566 | Microsoft Common Data Model SDK Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36566 |
CVE-2023-36596 | Remote Procedure Call Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36596 |
CVE-2023-36706 | Windows Deployment Services Information Disclosure Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36706 |
CVE-2023-36707 | Windows Deployment Services Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36707 |
CVE-2023-36717 | Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 6.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36717 |
CVE-2023-31130 | c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-31130 |
CVE-2023-5467 | The GEO my WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5467 |
CVE-2023-5468 | The Slick Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'dcscf-link' shortcode in versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 6.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5468 |
CVE-2023-4380 | A logic flaw exists in Ansible. Whenever a private project is created with incorrect credentials, they are logged in plaintext. This flaw allows an attacker to retrieve the credentials from the log, resulting in the loss of confidentiality, integrity, and availability. | 6.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4380 |
CVE-2019-11236 | In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2019-11236 |
CVE-2020-6215 | SAP NetWeaver AS ABAP Business Server Pages Test Application IT00, versions 700, 701, 702, 730, 731, 740, 750, 751, 752, 753, 754, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2020-6215 |
CVE-2022-25321 | An issue was discovered in Cerebrate through 1.4. XSS could occur in the bookmarks component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-25321 |
CVE-2023-0028 | Cross-site Scripting (XSS) - Stored in GitHub repository linagora/twake prior to 2023.Q1.1200+. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0028 |
CVE-2023-0748 | Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0748 |
CVE-2023-28439 | CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered affecting Iframe Dialog and Media Embed packages. The vulnerability may trigger a JavaScript code after fulfilling special conditions: using one of the affected packages on a web page with missing proper Content Security Policy configuration; initializing the editor on an element and using an element other than `<textarea>` as a base; and destroying the editor instance. This vulnerability might affect a small percentage of integrators that depend on dynamic editor initialization/destroy mechanism. A fix is available in CKEditor4 version 4.21.0. In some rare cases, a security fix may be considered a breaking change. Starting from version 4.21.0, the Iframe Dialog plugin applies the `sandbox` attribute by default, which restricts JavaScript code execution in the iframe element. To change this behavior, configure the `config.iframe_attributes` option. Also starting from version 4.21.0, the Media Embed plugin regenerates the entire content of the embed widget by default. To change this behavior, configure the `config.embed_keepOriginalContent` option. Those who choose to enable either of the more permissive options or who cannot upgrade to a patched version should properly configure Content Security Policy to avoid any potential security issues that may arise from embedding iframe elements on their web page. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-28439 |
CVE-2023-1857 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=product/manage_product&id=2. The manipulation of the argument Product Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-224996. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1857 |
CVE-2023-1961 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/?page=system_info. The manipulation of the argument System Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225348. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-1961 |
CVE-2023-2657 | A vulnerability classified as problematic was found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this vulnerability is an unknown functionality of the file products.php. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228799. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-2657 |
CVE-2023-34666 | Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-34666 |
CVE-2023-38998 | An open redirect in the Login page of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to redirect a victim user to an arbitrary web site via a crafted URL. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-38998 |
CVE-2023-39000 | A reflected cross-site scripting (XSS) vulnerability in the component /ui/diagnostics/log/core/ of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to inject arbitrary JavaScript via the URL path. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39000 |
CVE-2023-39002 | A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-39002 |
CVE-2023-5084 | Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.8.8. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5084 |
CVE-2023-44043 | A reflected cross-site scripting (XSS) vulnerability in /install/index.php of Black Cat CMS 1.4.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website title parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44043 |
CVE-2023-41856 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-41856 |
CVE-2023-44244 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44244 |
CVE-2023-44474 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44474 |
CVE-2023-44144 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44144 |
CVE-2023-44245 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44245 |
CVE-2023-44012 | Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-44012 |
CVE-2023-0828 | Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 version and prior versions on all platforms. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-0828 |
CVE-2023-32790 | Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-32790 |
CVE-2023-40519 | A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote attackers to inject arbitrary web script or HTML via the disconnectMessage parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-40519 |
CVE-2023-5375 | Open Redirect in GitHub repository mosparo/mosparo prior to 1.0.2. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-5375 |
CVE-2023-4090 | Cross-site Scripting (XSS) reflected vulnerability on WideStand until 5.3.5 version, which generates one of the meta tags directly using the content of the queried URL, which would allow an attacker to inject HTML/Javascript code into the response. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4090 |
CVE-2023-4492 | Vulnerability in Easy Address Book Web Server 1.6 version, affecting the parameters (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate and workzip) of the /addrbook.ghp file, allowing an attacker to inject a JavaScript payload specially designed to run when the application is loaded | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4492 |
CVE-2023-4495 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Resume parameter. The XSS is loaded from /register.ghp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4495 |
CVE-2023-4496 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /body2.ghp (POST method), in the mtowho parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4496 |
CVE-2023-4497 | Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability stored via /registresult.htm (POST method), in the Icon parameter. The XSS is loaded from /users.ghp. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-4497 |
CVE-2022-36277 | The 'sReferencia', 'sDescripcion', 'txtCodigo' and 'txtDescripcion' parameters, in the frmGestionStock.aspx and frmEditServicio.aspx files in TCMAN GIM v8.0.1, could allow an attacker to perform persistent XSS attacks. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2022-36277 |
CVE-2023-27121 | A cross-site scripting (XSS) vulnerability in the component /framework/cron/action/humanize of Pleasant Solutions Pleasant Password Server v7.11.41.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cronString parameter. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-27121 |
CVE-2023-42808 | Common Voice is the web app for Mozilla Common Voice, a platform for collecting speech donations in order to create public domain datasets for training voice recognition-related tools. Version 1.88.2 is vulnerable to reflected Cross-Site Scripting given that user-controlled data flows to a path expression (path of a network request). This issue may lead to reflected Cross-Site Scripting (XSS) in the context of Common Voice’s server origin. As of time of publication, it is unknown whether any patches or workarounds exist. | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-42808 |
CVE-2023-36416 | Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | 6.1 | https://nvd.nist.gov/vuln/detail/CVE-2023-36416 |
CVE-2023-0330 | A vulnerability in the lsi53c895a device affects the latest version of qemu. A DMA-MMIO reentrancy problem may lead to memory corruption bugs like stack overflow or use-after-free. | 6 | https://nvd.nist.gov/vuln/detail/CVE-2023-0330 |
CVE-2020-11042 | In FreeRDP greater than 1.1 and before 2.0.0, there is an out-of-bounds read in update_read_icon_info. It allows reading an attacker-defined amount of client memory (32bit unsigned -> 4GB) to an intermediate buffer. This can be used to crash the client or store information for later retrieval. This has been patched in 2.0.0. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-11042 |
CVE-2020-11047 | In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bounds read in autodetect_recv_bandwidth_measure_results. A malicious server can extract up to 8 bytes of client memory with a manipulated message by providing a short input and reading the measurement result data. This has been patched in 2.0.0. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2020-11047 |
CVE-2023-32570 | VideoLAN dav1d before 1.2.0 has a thread_task.c race condition that can lead to an application crash, related to dav1d_decode_frame_exit. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32570 |
CVE-2023-4813 | A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4813 |
CVE-2023-4806 | A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4806 |
CVE-2023-4885 | Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information. | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-4885 |
CVE-2022-4132 | A flaw was found in JSS. A memory leak in JSS requires non-standard configuration but is a low-effort DoS vector if configured that way (repeatedly hitting the login page). | 5.9 | https://nvd.nist.gov/vuln/detail/CVE-2022-4132 |
CVE-2023-5257 | A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. VDB-240866 is the identifier assigned to this vulnerability. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-5257 |
CVE-2023-43627 | Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted request. They are affected when running in ST(Standalone) mode. | 5.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-43627 |
CVE-2023-38537 | A race condition in a network transport subsystem led to a heap use-after-free issue in established or unsilenced incoming audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-38537 |
CVE-2019-6293 | An issue was discovered in the function mark_beginning_as_normal in nfa.c in flex 2.6.4. There is a stack exhaustion problem caused by the mark_beginning_as_normal function making recursive calls to itself in certain scenarios involving lots of '*' characters. Remote attackers could leverage this vulnerability to cause a denial-of-service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2019-6293 |
CVE-2020-13397 | An issue was discovered in FreeRDP before 2.1.1. An out-of-bounds (OOB) read vulnerability has been detected in security_fips_decrypt in libfreerdp/core/security.c due to an uninitialized value. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-13397 |
CVE-2020-11089 | In FreeRDP before 2.1.0, there is an out-of-bound read in irp functions (parallel_process_irp_create, serial_process_irp_create, drive_process_irp_write, printer_process_irp_write, rdpei_recv_pdu, serial_process_irp_write). This has been fixed in 2.1.0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11089 |
CVE-2023-21898 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21898 |
CVE-2023-21899 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. Note: Applies to VirtualBox VMs running Windows 7 and later. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-21899 |
CVE-2023-20588 | A division-by-zero error on some AMD processors can potentially return speculative data resulting in loss of confidentiality. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-20588 |
CVE-2022-35205 | An issue was discovered in Binutils readelf 2.38.50, reachable assertion failure in function display_debug_names allows attackers to cause a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-35205 |
CVE-2022-48063 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function load_separate_debug_files at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48063 |
CVE-2022-48064 | GNU Binutils before 2.40 was discovered to contain an excessive memory consumption vulnerability via the function bfd_dwarf2_find_nearest_line_with_alt at dwarf2.c. The attacker could supply a crafted ELF file and cause a DNS attack. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48064 |
CVE-2022-48065 | GNU Binutils before 2.40 was discovered to contain a memory leak vulnerability via the function find_abstract_instance in dwarf2.c. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-48065 |
CVE-2023-43782 | Cadence through 0.9.2 2023-08-21 uses an Insecure /tmp/.cadence-aloop-daemon.x Temporary File. The file is used even if it has been created by a local adversary before Cadence started. The adversary can then delete the file, disrupting Cadence. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43782 |
CVE-2023-23495 | A permissions issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14. An app may be able to access sensitive user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-23495 |
CVE-2023-32361 | The issue was addressed with improved handling of caches. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An app may be able to access user-sensitive data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32361 |
CVE-2023-32421 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to observe unprotected user data. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-32421 |
CVE-2023-41078 | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14. An app may be able to bypass certain Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41078 |
CVE-2023-41079 | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41079 |
CVE-2023-41232 | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.7, iOS 17 and iPadOS 17, macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. An app may be able to disclose kernel memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41232 |
CVE-2023-41968 | This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.6, tvOS 17, macOS Monterey 12.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to read arbitrary files. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41968 |
CVE-2023-41980 | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to bypass Privacy preferences. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41980 |
CVE-2023-41986 | The issue was addressed with improved checks. This issue is fixed in iOS 17 and iPadOS 17, macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41986 |
CVE-2023-41996 | The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6. Apps that fail verification checks may still launch. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41996 |
CVE-2023-4211 | A local non-privileged user can make improper GPU memory processing operations to gain access to already freed memory. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4211 |
CVE-2023-3335 | Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3335 |
CVE-2023-28571 | Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-28571 |
CVE-2023-43898 | Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43898 |
CVE-2023-30734 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30734 |
CVE-2023-30737 | Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-30737 |
CVE-2023-5370 | On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-5370 |
CVE-2023-4037 | Blind SQL injection vulnerability in the Conacwin 3.7.1.2 web interface, the exploitation of which could allow a local attacker to obtain sensitive data stored in the database by sending a specially crafted SQL query to the xml parameter. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-4037 |
CVE-2023-3428 | A heap-based buffer overflow vulnerability was found in coders/tiff.c in ImageMagick. This issue may allow a local attacker to trick the user into opening a specially crafted file, resulting in an application crash and denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3428 |
CVE-2023-3576 | A memory leak flaw was found in Libtiff's tiffcrop utility. This issue occurs when tiffcrop operates on a TIFF image file, allowing an attacker to pass a crafted TIFF image file to the tiffcrop utility, which causes this memory leak issue, resulting in an application crash, eventually leading to a denial of service. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-3576 |
CVE-2023-44210 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 29258. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44210 |
CVE-2023-44213 | Sensitive information disclosure due to excessive collection of system information. The following products are affected: Acronis Agent (Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44213 |
CVE-2023-44214 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-44214 |
CVE-2023-45240 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45240 |
CVE-2023-45241 | Sensitive information leak through log files. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45241 |
CVE-2023-45242 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45242 |
CVE-2023-45243 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35739. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45243 |
CVE-2023-45245 | Sensitive information disclosure due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36119. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-45245 |
CVE-2022-34355 | IBM Jazz Foundation (IBM Engineering Lifecycle Management 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2) could disclose sensitive version information to a user that could be used in further attacks against the system. IBM X-Force ID: 230498. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2022-34355 |
CVE-2023-41253 | When on BIG-IP DNS or BIG-IP LTM enabled with DNS Services License, and a TSIG key is created, it is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-41253 |
CVE-2023-43485 | When TACACS+ audit forwarding is configured on BIG-IP or BIG-IQ system, sharedsecret is logged in plaintext in the audit log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-43485 |
CVE-2023-36576 | Windows Kernel Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36576 |
CVE-2023-36713 | Windows Common Log File System Driver Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36713 |
CVE-2023-36724 | Windows Power Management Service Information Disclosure Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36724 |
CVE-2023-36728 | Microsoft SQL Server Denial of Service Vulnerability | 5.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-36728 |
CVE-2019-14870 | All Samba versions 4.x.x before 4.9.17, 4.10.x before 4.10.11 and 4.11.x before 4.11.3 have an issue, where the S4U (MS-SFU) Kerberos delegation model includes a feature allowing for a subset of clients to be opted out of constrained delegation in any way, either S4U2Self or regular Kerberos authentication, by forcing all tickets for these clients to be non-forwardable. In AD this is implemented by a user attribute delegation_not_allowed (aka not-delegated), which translates to disallow-forwardable. However the Samba AD DC does not do that for S4U2Self and does set the forwardable flag even if the impersonated client has the not-delegated flag set. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2019-14870 |
CVE-2020-11038 | In FreeRDP less than or equal to 2.0.0, an Integer Overflow to Buffer Overflow exists. When using /video redirection, a manipulated server can instruct the client to allocate a buffer with a smaller size than requested due to an integer overflow in size calculation. With later messages, the server can manipulate the client to write data out of bound to the previously allocated buffer. This has been patched in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11038 |
CVE-2020-11086 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_ntlm_v2_client_challenge that reads up to 28 bytes out-of-bound to an internal structure. This has been fixed in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11086 |
CVE-2020-11087 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_AuthenticateMessage. This has been fixed in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11087 |
CVE-2020-11088 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound read in ntlm_read_NegotiateMessage. This has been fixed in 2.1.0. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11088 |
CVE-2020-11095 | In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11095 |
CVE-2020-11097 | In FreeRDP before version 2.1.2, an out of bounds read occurs resulting in accessing a memory location that is outside of the boundaries of the static array PRIMARY_DRAWING_ORDER_FIELD_BYTES. This is fixed in version 2.1.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2020-11097 |
CVE-2022-29529 | An issue was discovered in MISP before 2.4.158. There is stored XSS via the LinOTP login field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29529 |
CVE-2022-29530 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the galaxy clusters. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29530 |
CVE-2022-29531 | An issue was discovered in MISP before 2.4.158. There is stored XSS in the event graph via a tag name. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2022-29531 |
CVE-2023-0747 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0747 |
CVE-2023-0879 | Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.12. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-0879 |
CVE-2023-39006 | The Crash Reporter (crash_reporter.php) component of OPNsense Community Edition before 23.7 and Business Edition before 23.4.2 mishandles input sanitization. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39006 |
CVE-2023-40577 | Alertmanager handles alerts sent by client applications such as the Prometheus server. An attacker with the permission to perform POST requests on the /api/v1/alerts endpoint could be able to execute arbitrary JavaScript code on the users of Prometheus Alertmanager. This issue has been fixed in Alertmanager version 0.2.51. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40577 |
CVE-2023-20179 | A vulnerability in the web-based management interface of Cisco Catalyst SD-WAN Manager, formerly Cisco SD-WAN vManage, could allow an authenticated, remote attacker to inject HTML content. This vulnerability is due to improper validation of user-supplied data in element fields. An attacker could exploit this vulnerability by submitting malicious content within requests and persuading a user to view a page that contains injected content. A successful exploit could allow the attacker to modify pages within the web-based management interface, possibly leading to further browser-based attacks against users of the application. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-20179 |
CVE-2023-43871 | A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43871 |
CVE-2023-43702 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tracking_number" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43702 |
CVE-2023-43703 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "product_info[][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43703 |
CVE-2023-43704 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43704 |
CVE-2023-43705 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "translation_value[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43705 |
CVE-2023-43706 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "email_templates_key" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43706 |
CVE-2023-43707 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "CatalogsPageDescriptionForm[1][name] " parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43707 |
CVE-2023-43708 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE_PAYMENT_SAGE_PAY_SERVER_TEXT_TITLE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43708 |
CVE-2023-43709 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1](MODULE)" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43709 |
CVE-2023-43710 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "configuration_title[1][MODULE_SHIPPING_PERCENT_TEXT_TITLE]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43710 |
CVE-2023-43711 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "admin_firstname" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43711 |
CVE-2023-43712 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "access_levels_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43712 |
CVE-2023-43713 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability, which allows attackers to inject JS via the "title" parameter, in the "/admin/admin-menu/add-submit" endpoint, which can lead to unauthorized execution of scripts in a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43713 |
CVE-2023-43714 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SKIP_CART_PAGE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43714 |
CVE-2023-43715 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "ENTRY_FIRST_NAME_MIN_LENGTH_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43715 |
CVE-2023-43716 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MAX_DISPLAY_NEW_PRODUCTS_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43716 |
CVE-2023-43717 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_HIGHLIGHT_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43717 |
CVE-2023-43718 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "MSEARCH_ENABLE_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43718 |
CVE-2023-43719 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "SHIPPING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43719 |
CVE-2023-43720 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "BILLING_GENDER_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43720 |
CVE-2023-43721 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "PACKING_SLIPS_SUMMARY_TITLE[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43721 |
CVE-2023-43722 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_groups_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43722 |
CVE-2023-43723 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_status_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43723 |
CVE-2023-43724 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "derb6zmklgtjuhh2cn5chn2qjbm2stgmfa4.oastify.comscription[1][name]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43724 |
CVE-2023-43725 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43725 |
CVE-2023-43726 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "orders_products_status_manual_name_long[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43726 |
CVE-2023-43727 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_indication_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43727 |
CVE-2023-43728 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "stock_delivery_terms_text[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43728 |
CVE-2023-43729 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "xsell_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43729 |
CVE-2023-43730 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "countries_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43730 |
CVE-2023-43731 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "zone_name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43731 |
CVE-2023-43732 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "tax_class_title" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43732 |
CVE-2023-43733 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "company_address" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43733 |
CVE-2023-43734 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "name" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43734 |
CVE-2023-43735 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "formats_titles[7]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43735 |
CVE-2023-5111 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "featured_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5111 |
CVE-2023-5112 | Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability. This vulnerability allows attackers to inject JS through the "specials_type_name[1]" parameter, potentially leading to unauthorized execution of scripts within a user's web browser. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5112 |
CVE-2023-41847 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41847 |
CVE-2023-44145 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44145 |
CVE-2023-43267 | A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43267 |
CVE-2023-43297 | An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43297 |
CVE-2023-39429 | Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and earlier, ACERA 1150i firmware ver.01.35 and earlier, ACERA 1150w firmware ver.01.35 and earlier, ACERA 1110 firmware ver.01.76 and earlier, ACERA 1020 firmware ver.01.86 and earlier, ACERA 1010 firmware ver.01.86 and earlier, ACERA 950 firmware ver.01.60 and earlier, ACERA 850F firmware ver.01.60 and earlier, ACERA 900 firmware ver.02.54 and earlier, ACERA 850M firmware ver.02.06 and earlier, ACERA 810 firmware ver.03.74 and earlier, and ACERA 800ST firmware ver.07.35 and earlier. They are affected when running in ST(Standalone) mode. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39429 |
CVE-2023-5334 | The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5334 |
CVE-2023-5351 | Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5351 |
CVE-2023-32669 | Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id). | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32669 |
CVE-2023-32670 | Cross-Site Scripting vulnerability in BuddyBoss 2.2.9 version, which could allow a local attacker with basic privileges to execute a malicious payload through the "[name]=image.jpg" parameter, allowing them to assign a persistent JavaScript payload that would be triggered when the associated image is loaded. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-32670 |
CVE-2023-43951 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43951 |
CVE-2023-43952 | SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43952 |
CVE-2023-43953 | SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43953 |
CVE-2023-35905 | IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 259384. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-35905 |
CVE-2023-5291 | The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5291 |
CVE-2023-5357 | The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5357 |
CVE-2023-30736 | Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-30736 |
CVE-2023-44272 | A cross-site scripting vulnerability exists in Citadel versions prior to 994. When a malicious user sends an instant message with some JavaScript code, the script may be executed on the web browser of the victim user. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44272 |
CVE-2023-4493 | Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4493 |
CVE-2023-40684 | IBM Content Navigator 3.0.11, 3.0.13, and 3.0.14 with IBM Daeja ViewOne Virtual is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 264019. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-40684 |
CVE-2023-3971 | An HTML injection flaw was found in Controller in the user interface settings. This flaw allows an attacker to capture credentials by creating a custom login page by injecting HTML, resulting in a complete compromise. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-3971 |
CVE-2023-44075 | Cross Site Scripting vulnerability in Small CRM in PHP v.3.0 allows a remote attacker to execute arbitrary code via a crafted payload to the Address parameter. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44075 |
CVE-2023-43071 | Dell SmartFabric Storage Software v1.4 (and earlier) contains possible vulnerabilities for HTML injection or CSV formula injection which might escalate to cross-site scripting attacks in HTML pages in the GUI. A remote authenticated attacker could potentially exploit these issues, leading to various injection type attacks. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43071 |
CVE-2023-43343 | Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-43343 |
CVE-2023-44761 | Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow a local attacker to execute arbitrary code via a crafted script to the Forms of the Data objects. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44761 |
CVE-2023-44762 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the Tags from Settings - Tags. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44762 |
CVE-2023-44764 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SITE parameter from installation or in the Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44764 |
CVE-2023-44765 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to Plural Handle of the Data Objects from System & Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44765 |
CVE-2023-44766 | A Cross Site Scripting (XSS) vulnerability in Concrete CMS v.9.2.1 allows an attacker to execute arbitrary code via a crafted script to the SEO - Extra from Page Settings. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44766 |
CVE-2023-44770 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44770 |
CVE-2023-44771 | A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-44771 |
CVE-2023-5452 | Cross-site Scripting (XSS) - Stored in GitHub repository snipe/snipe-it prior to v6.2.2. | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-5452 |
CVE-2023-36584 | Windows Mark of the Web Security Feature Bypass Vulnerability | 5.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36584 |
CVE-2019-5640 | Rapid7 Nexpose versions prior to 6.6.114 suffer from an information exposure issue whereby, when the user's session has ended due to inactivity, an attacker can use the inspect element browser feature to remove the login panel and view the details available in the last webpage visited by the previous user. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2019-5640 |
CVE-2022-25319 | An issue was discovered in Cerebrate through 1.4. Endpoints could be open even when not enabled. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-25319 |
CVE-2022-39046 | An issue was discovered in the GNU C Library (glibc) 2.36. When the syslog function is passed a crafted input string larger than 1024 bytes, it reads uninitialized memory from the heap and prints it to the target log file, potentially revealing a portion of the contents of the heap. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-39046 |
CVE-2023-24594 | When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-24594 |
CVE-2023-32675 | Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In contracts with more than one regular nonpayable function, it is possible to send funds to the default function, even if the default function is marked `nonpayable`. This applies to contracts compiled with vyper versions prior to 0.3.8. This issue was fixed by the removal of the global `calldatasize` check in commit `02339dfda`. Users are advised to upgrade to version 0.3.8. Users unable to upgrade should avoid use of nonpayable default functions. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-32675 |
CVE-2023-40217 | An issue was discovered in Python before 3.8.18, 3.9.x before 3.9.18, 3.10.x before 3.10.13, and 3.11.x before 3.11.5. It primarily affects servers (such as HTTP servers) that use TLS client authentication. If a TLS server-side socket is created, receives data into the socket buffer, and then is closed quickly, there is a brief window where the SSLSocket instance will detect the socket as "not connected" and won't initiate a handshake, but buffered data will still be readable from the socket buffer. This data will not be authenticated if the server-side TLS peer is expecting client certificate authentication, and is indistinguishable from valid TLS stream data. Data is limited in size to the amount that will fit in the buffer. (The TLS connection cannot directly be used for data exfiltration because the vulnerable code path requires that the connection be closed on initialization of the SSLSocket.) | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-40217 |
CVE-2023-44216 | PVRIC (PowerVR Image Compression) on Imagination 2018 and later GPU devices offers software-transparent compression that enables cross-origin pixel-stealing attacks against feTurbulence and feBlend in the SVG Filter specification, aka a GPU.zip issue. For example, attackers can sometimes accurately determine text contained on a web page from one origin if they control a resource from a different origin. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44216 |
CVE-2023-20251 | A vulnerability in the memory buffer of Cisco Wireless LAN Controller (WLC) AireOS Software could allow an unauthenticated, adjacent attacker to cause memory leaks that could eventually lead to a device reboot. This vulnerability is due to memory leaks caused by multiple clients connecting under specific conditions. An attacker could exploit this vulnerability by causing multiple wireless clients to attempt to connect to an access point (AP) on an affected device. A successful exploit could allow the attacker to cause the affected device to reboot after a significant amount of time, resulting in a denial of service (DoS) condition. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-20251 |
CVE-2023-44270 | An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44270 |
CVE-2023-0809 | In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-0809 |
CVE-2023-44463 | An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of the application. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44463 |
CVE-2023-3213 | The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclose potentially sensitive email information. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3213 |
CVE-2023-3153 | A flaw was found in Open Virtual Network where the service monitor MAC does not properly rate limit. This issue could allow an attacker to cause a denial of service, including on deployments with CoPP enabled and properly configured. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3153 |
CVE-2022-43906 | IBM Security Guardium 11.5 could disclose sensitive information due to a missing or insecure SameSite attribute for a sensitive cookie. IBM X-Force ID: 240897. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-43906 |
CVE-2023-4469 | The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-4469 |
CVE-2023-43623 | A vulnerability has been identified in Mendix Forgot Password (Mendix 10 compatible) (All versions < V5.4.0), Mendix Forgot Password (Mendix 7 compatible) (All versions < V3.7.3), Mendix Forgot Password (Mendix 8 compatible) (All versions < V4.1.3), Mendix Forgot Password (Mendix 9 compatible) (All versions < V5.4.0). Applications using the affected module are vulnerable to user enumeration due to distinguishable responses. This could allow an unauthenticated remote attacker to determine if a user is valid or not, enabling a brute force attack with valid users. | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-43623 |
CVE-2023-41763 | Skype for Business Elevation of Privilege Vulnerability | 5.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41763 |
CVE-2023-38538 | A race condition in an event subsystem led to a heap use-after-free issue in established audio/video calls that could have resulted in app termination or unexpected control flow with very low probability. | 5 | https://nvd.nist.gov/vuln/detail/CVE-2023-38538 |
CVE-2023-32572 | A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection. | 4.9 | https://nvd.nist.gov/vuln/detail/CVE-2023-32572 |
CVE-2022-29532 | An issue was discovered in MISP before 2.4.158. There is XSS in the cerebrate view if one administrator puts a javascript: URL in the URL field, and another administrator clicks on it. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-29532 |
CVE-2022-0598 | The Login with phone number WordPress plugin before 1.3.8 does not sanitise and escape plugin settings which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2022-0598 |
CVE-2023-1988 | A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/?page=maintenance/brand. The manipulation of the argument Brand Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225536. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-1988 |
CVE-2023-41800 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41800 |
CVE-2023-41855 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41855 |
CVE-2023-41859 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-41859 |
CVE-2023-44479 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44479 |
CVE-2023-44239 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44239 |
CVE-2023-44262 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44262 |
CVE-2023-44263 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44263 |
CVE-2023-44228 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44228 |
CVE-2023-44230 | Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44230 |
CVE-2023-3196 | This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-3196 |
CVE-2023-4564 | This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-4564 |
CVE-2023-44389 | Zope is an open-source web application server. The title property, available on most Zope objects, can be used to store script code that is executed while viewing the affected object in the Zope Management Interface (ZMI). All versions of Zope 4 and Zope 5 are affected. Patches will be released with Zope versions 4.8.11 and 5.8.6. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-44389 |
CVE-2023-43877 | Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a payload crafted in the Home Page fields in the Administration menu. | 4.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-43877 |
CVE-2023-41979 | A race condition was addressed with improved locking. This issue is fixed in macOS Sonoma 14. An app may be able to modify protected parts of the file system. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41979 |
CVE-2023-20268 | A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-20268 |
CVE-2023-42756 | A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the system. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-42756 |
CVE-2023-33200 | A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-33200 |
CVE-2023-34970 | A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-34970 |
CVE-2023-4732 | A flaw was found in pfn_swap_entry_to_page in memory management subsystem in the Linux Kernel. In this flaw, an attacker with a local user privilege may cause a denial of service problem due to a BUG statement referencing pmd_t x. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-4732 |
CVE-2023-44315 | A vulnerability has been identified in SINEC NMS (All versions < V2.0). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could prepare a stored cross-site scripting (XSS) attack that may lead to unintentional modification of application data by legitimate users. | 4.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-44315 |
CVE-2023-30731 | Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. | 4.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-30731 |
CVE-2021-1233 | A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to access sensitive information on an affected device. The vulnerability is due to insufficient input validation of requests that are sent to the iperf tool. An attacker could exploit this vulnerability by sending a crafted request to the iperf tool, which is included in Cisco SD-WAN Software. A successful exploit could allow the attacker to obtain any file from the filesystem of an affected device. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2021-1233 |
CVE-2023-21884 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-21884 |
CVE-2023-41981 | The issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.6, tvOS 17, iOS 16.7 and iPadOS 16.7, watchOS 10, iOS 17 and iPadOS 17, macOS Sonoma 14. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-41981 |
CVE-2023-4886 | A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-4886 |
CVE-2023-37195 | A vulnerability has been identified in SIMATIC CP 1604 (All versions), SIMATIC CP 1616 (All versions), SIMATIC CP 1623 (All versions), SIMATIC CP 1626 (All versions), SIMATIC CP 1628 (All versions). Affected devices insufficiently control continuous mapping of direct memory access (DMA) requests. This could allow local attackers with administrative privileges to cause a denial of service situation on the host. A physical power cycle is required to get the system working again. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-37195 |
CVE-2023-39447 | When BIG-IP APM Guided Configurations are configured, undisclosed sensitive information may be logged in restnoded log. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-39447 |
CVE-2023-45219 | Exposure of Sensitive Information vulnerability exists in an undisclosed BIG-IP TMOS shell (tmsh) command which may allow an authenticated attacker with resource administrator role privileges to view sensitive information. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-45219 |
CVE-2023-36722 | Active Directory Domain Services Information Disclosure Vulnerability | 4.4 | https://nvd.nist.gov/vuln/detail/CVE-2023-36722 |
CVE-2020-4032 | In FreeRDP before version 2.1.2, there is an integer casting vulnerability in update_recv_secondary_order. All clients with +glyph-cache /relax-order-checks are affected. This is fixed in version 2.1.2. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-4032 |
CVE-2022-41230 | Jenkins Build-Publisher Plugin 1.22 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to obtain names and URLs of Jenkins servers that the plugin is configured to publish builds to, as well as builds pending for publication to those Jenkins servers. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2022-41230 |
CVE-2023-28406 | A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-28406 |
CVE-2023-30534 | Cacti is an open source operational monitoring and fault management framework. There are two instances of insecure deserialization in Cacti version 1.2.24. While a viable gadget chain exists in Cacti’s vendor directory (phpseclib), the necessary gadgets are not included, making them inaccessible and the insecure deserializations not exploitable. Each instance of insecure deserialization is due to using the unserialize function without sanitizing the user input. Cacti has a “safe” deserialization that attempts to sanitize the content and check for specific values before calling unserialize, but it isn’t used in these instances. The vulnerable code lies in graphs_new.php, specifically within the host_new_graphs_save function. This issue has been addressed in version 1.2.25. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30534 |
CVE-2023-35984 | The issue was addressed with improved checks. This issue is fixed in tvOS 17, iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. An attacker in physical proximity can cause a limited out of bounds write. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-35984 |
CVE-2023-42453 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Users were able to forge read receipts for any event (if they knew the room ID and event ID). Note that the users were not able to view the events, but simply mark it as read. This could be confusing as clients will show the event as read by the user, even if they are not in the room. This issue has been patched in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-42453 |
CVE-2023-44469 | A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-44469 |
CVE-2023-5160 | Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint, allowing a member to get the full name of another user even if the Show Full Name option was disabled. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-5160 |
CVE-2023-3770 | Incorrect validation vulnerability of the data entered, allowing an attacker with access to the network on which the affected device is located to use the discovery port protocol (1925/UDP) to obtain device-specific information without the need for authentication. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-3770 |
CVE-2023-31042 | A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-31042 |
CVE-2023-41964 | The BIG-IP and BIG-IQ systems do not encrypt some sensitive information written to Database (DB) variables. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 4.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-41964 |
CVE-2023-21885 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. Note: Applies to Windows only. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21885 |
CVE-2023-21889 | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 6.1.42 and prior to 7.0.6. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | 3.8 | https://nvd.nist.gov/vuln/detail/CVE-2023-21889 |
CVE-2023-31124 | c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-31124 |
CVE-2023-41335 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. When users update their passwords, the new credentials may be briefly held in the server database. While this doesn't grant the server any added capabilities—it already learns the users' passwords as part of the authentication process—it does disrupt the expectation that passwords won't be stored in the database. As a result, these passwords could inadvertently be captured in database backups for a longer duration. These temporarily stored passwords are automatically erased after a 48-hour window. This issue has been addressed in version 1.93.0. Users are advised to upgrade. There are no known workarounds for this issue. | 3.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-41335 |
CVE-2023-36698 | Windows Kernel Security Feature Bypass Vulnerability | 3.6 | https://nvd.nist.gov/vuln/detail/CVE-2023-36698 |
CVE-2020-11085 | In FreeRDP before 2.1.0, there is an out-of-bounds read in cliprdr_read_format_list. Clipboard format data read (by client or server) might read data out-of-bounds. This has been fixed in 2.1.0. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-11085 |
CVE-2020-15103 | In FreeRDP less than or equal to 2.1.2, an integer overflow exists due to missing input sanitation in rdpegfx channel. All FreeRDP clients are affected. The input rectangles from the server are not checked against local surface coordinates and blindly accepted. A malicious server can send data that will crash the client later on (invalid length arguments to a `memcpy`). This has been fixed in 2.2.0. As a workaround, stop using command line arguments /gfx, /gfx-h264 and /network:auto. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2020-15103 |
CVE-2023-0919 | Missing Authentication for Critical Function in GitHub repository kareadita/kavita prior to 0.7.0. | 3.5 | https://nvd.nist.gov/vuln/detail/CVE-2023-0919 |
CVE-2020-11045 | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bound read in update_read_bitmap_data that allows client memory to be read to an image buffer. The result is displayed on screen as colour. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2020-11045 |
CVE-2023-29497 | A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14. An app may be able to access calendar data saved to a temporary directory. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-29497 |
CVE-2023-30732 | Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30732 |
CVE-2023-30735 | Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. | 3.3 | https://nvd.nist.gov/vuln/detail/CVE-2023-30735 |
CVE-2020-11041 | In FreeRDP less than or equal to 2.0.0, an outside controlled array index is used unchecked for data used as configuration for sound backend (alsa, oss, pulse, ...). The most likely outcome is a crash of the client instance followed by no or distorted sound or a session disconnect. If a user cannot upgrade to the patched version, a workaround is to disable sound for the session. This has been patched in 2.1.0. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-11041 |
CVE-2020-11040 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bound data read from memory in clear_decompress_subcode_rlex, visualized on screen as color. This has been patched in 2.1.0. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-11040 |
CVE-2020-11043 | In FreeRDP less than or equal to 2.0.0, there is an out-of-bounds read in rfx_process_message_tileset. Invalid data fed to RFX decoder results in garbage on screen (as colors). This has been patched in 2.1.0. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2020-11043 |
CVE-2022-35919 | MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. In affected versions all 'admin' users authorized for `admin:ServerUpdate` can selectively trigger an error that in response, returns the content of the path requested. Any normal OS system would allow access to contents at any arbitrary paths that are readable by MinIO process. Users are advised to upgrade. Users unable to upgrade may disable ServerUpdate API by denying the `admin:ServerUpdate` action for your admin users via IAM policies. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2022-35919 |
CVE-2023-28372 | A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28372 |
CVE-2023-36627 | A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-36627 |
CVE-2023-28373 | A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode. | 2.7 | https://nvd.nist.gov/vuln/detail/CVE-2023-28373 |
CVE-2020-11044 | In FreeRDP greater than 1.2 and before 2.0.0, a double free in update_read_cache_bitmap_v3_order crashes the client application if corrupted data from a manipulated server is parsed. This has been patched in 2.0.0. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-11044 |
CVE-2020-11046 | In FreeRDP after 1.0 and before 2.0.0, there is a stream out-of-bounds seek in update_read_synchronize that could lead to a later out-of-bounds read. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-11046 |
CVE-2020-11048 | In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-11048 |
CVE-2020-11049 | In FreeRDP after 1.1 and before 2.0.0, there is an out-of-bound read of client memory that is then passed on to the protocol parser. This has been patched in 2.0.0. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-11049 |
CVE-2020-11058 | In FreeRDP after 1.1 and before 2.0.0, a stream out-of-bounds seek in rdp_read_font_capability_set could lead to a later out-of-bounds read. As a result, a manipulated client or server might force a disconnect due to an invalid data read. This has been fixed in 2.0.0. | 2.2 | https://nvd.nist.gov/vuln/detail/CVE-2020-11058 |
CVE-2006-0459 | flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2006-0459 |
CVE-2013-1860 | Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted cdc-wdm USB device. | – | https://nvd.nist.gov/vuln/detail/CVE-2013-1860 |
CVE-2015-8104 | The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-8104 |
CVE-2023-30690 | Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30690 |
CVE-2023-43261 | An information disclosure in Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 allows attackers to access sensitive router components. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43261 |
CVE-2023-5113 | Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to denial of service due to WS-Print request and potential injections of Cross Site Scripting via jQuery-UI. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5113 |
CVE-2021-3784 | Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password. | – | https://nvd.nist.gov/vuln/detail/CVE-2021-3784 |
CVE-2023-20235 | A vulnerability in the on-device application development workflow feature for the Cisco IOx application hosting infrastructure in Cisco IOS XE Software could allow an authenticated, remote attacker to access the underlying operating system as the root user. This vulnerability exists because Docker containers with the privileged runtime option are not blocked when they are in application development mode. An attacker could exploit this vulnerability by using the Docker CLI to access an affected device. The application development workflow is meant to be used only on development systems and not in production systems. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20235 |
CVE-2023-20259 | A vulnerability in an API endpoint of multiple Cisco Unified Communications Products could allow an unauthenticated, remote attacker to cause high CPU utilization, which could impact access to the web-based management interface and cause delays with call processing. This API is not used for device management and is unlikely to be used in normal operations of the device. This vulnerability is due to improper API authentication and incomplete validation of the API request. An attacker could exploit this vulnerability by sending a crafted HTTP request to a specific API on the device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition due to high CPU utilization, which could negatively impact user traffic and management access. When the attack stops, the device will recover without manual intervention. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-20259 |
CVE-2023-5402 | A CWE-269: Improper Privilege Management vulnerability exists that could cause a local privilege escalation when the transfer command is used. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5402 |
CVE-2023-38701 | Hydra is the layer-two scalability solution for Cardano. Users of the Hydra head protocol send the UTxOs they wish to commit into the Hydra head first to the `commit` validator, where they remain until they are either collected into the `head` validator or the protocol initialisation is aborted and the value in the committed UTxOs is returned to the users who committed them. Prior to version 0.12.0, the `commit` validator contains a flawed check when the `ViaAbort` redeemer is used, which allows any user to spend any UTxO which is at the validator arbitrarily, meaning an attacker can steal the funds that users are trying to commit into the head validator. The intended behavior is that the funds must be returned to the user who committed the funds, and that this can only be performed by a participant of the head. The `initial` validator is similarly affected, as the same flawed check is performed for the `ViaAbort` redeemer. Due to this issue, an attacker can steal any funds that users try to commit into a Hydra head. Also, an attacker can prevent any Hydra head from being successfully opened. It does not allow an attacker to take funds which have been successfully collected into and currently reside in the `head` validator. Version 0.12.0 contains a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-38701 |
CVE-2023-43805 | Nexkey is a fork of Misskey, an open source, decentralized social media platform. Prior to version 12.121.9, incomplete URL validation can allow users to bypass authentication for access to the job queue dashboard. Version 12.121.9 contains a fix for this issue. As a workaround, it may be possible to avoid this by blocking access using tools such as Cloudflare's WAF. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43805 |
CVE-2023-40299 | Kong Insomnia 2023.4.0 on macOS allows attackers to execute code and access restricted files, or make requests for TCC permissions, by using the DYLD_INSERT_LIBRARIES environment variable. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40299 |
CVE-2023-26236 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of message handling between WatchGuard EPDR processes, it is possible to perform a Local Privilege Escalation on Windows by sending a crafted message to a named pipe. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26236 |
CVE-2023-26237 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive capabilities by adding a registry key as SYSTEM. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26237 |
CVE-2023-26238 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to enable or disable defensive capabilities by sending a crafted message to a named pipe. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26238 |
CVE-2023-26239 | An issue was discovered in WatchGuard EPDR 8.0.21.0002. Due to a weak implementation of a password check, it is possible to obtain credentials to access the management console as a non-privileged user. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26239 |
CVE-2023-45198 | ftpd before "NetBSD-ftpd 20230930" can leak information about the host filesystem before authentication via an MLSD or MLST command. tnftpd (the portable version of NetBSD ftpd) before 20231001 is also vulnerable. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45198 |
CVE-2023-45159 | 1E Client installer can perform arbitrary file deletion on protected files. A non-privileged user could provide a symbolic link or Windows junction to point to a protected directory in the installer that the 1E Client would then clear on service startup. A hotfix is available Q23092 that forces the 1E Client to check for a symbolic link or junction and if it finds one refuses to use that path and instead creates a path involving a random GUID. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45159 |
CVE-2022-4145 | A content spoofing flaw was found in OpenShift's OAuth endpoint. This flaw allows a remote, unauthenticated attacker to inject text into a webpage, enabling the obfuscation of a phishing operation. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-4145 |
CVE-2022-3248 | A flaw was found in OpenShift API, as admission checks do not enforce "custom-host" permissions. This issue could allow an attacker to violate the boundaries, as permissions will not be applied. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3248 |
CVE-2023-44390 | HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. The vulnerability occurs in configurations where foreign content is allowed, i.e. either `svg` or `math` are in the list of allowed elements. In the case an application sanitizes user input with a vulnerable configuration, an attacker could bypass the sanitization and inject arbitrary HTML, including JavaScript code. Note that in the default configuration the vulnerability is not present. The vulnerability has been fixed in versions 8.0.723 and 8.1.722-beta (preview version). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44390 |
CVE-2023-45160 | In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction resource files, e.g., to substitute a harmful script, by replacing a resource script file created by an instruction at run time with a malicious script. This has been fixed in patch Q23094 as the 1E Client's temporary directory is now locked down. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45160 |
CVE-2023-4570 | An improper access restriction in NI MeasurementLink Python services could allow an attacker on an adjacent network to reach services exposed on localhost. These services were previously thought to be unreachable outside of the node. This affects measurement plug-ins written in Python using version 1.1.0 of the ni-measurementlink-service Python package and all previous versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4570 |
CVE-2023-44386 | Vapor is an HTTP web framework for Swift. There is a denial of service vulnerability impacting all users of affected versions of Vapor. The HTTP1 error handler closed connections when HTTP parse errors occur instead of passing them on. The issue is fixed as of Vapor release 4.84.2. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44386 |
CVE-2023-44387 | Gradle is a build tool with a focus on build automation and support for multi-language development. When copying or archiving symlinked files, Gradle resolves them but applies the permissions of the symlink itself instead of the permissions of the linked file to the resulting file. This leads to files having too much permissions given that symlinks usually are world readable and writeable. While it is unlikely this results in a direct vulnerability for the impacted build, it may open up attack vectors depending on where build artifacts end up being copied to or un-archived. In versions 7.6.3, 8.4 and above, Gradle will now properly use the permissions of the file pointed at by the symlink to set permissions of the copied or archived file. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44387 |
CVE-2023-5423 | A vulnerability has been found in SourceCodester Online Pizza Ordering System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/ajax.php?action=confirm_order. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The identifier of this vulnerability is VDB-241384. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5423 |
CVE-2023-42754 | A NULL pointer dereference flaw was found in the Linux kernel ipv4 stack. The socket buffer (skb) was assumed to be associated with a device before calling __ip_options_compile, which is not always the case if the skb is re-routed by ipvs. This issue may allow a local user with CAP_NET_ADMIN privileges to crash the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42754 |
CVE-2023-42755 | A flaw was found in the IPv4 Resource Reservation Protocol (RSVP) classifier in the Linux kernel. The xprt pointer may go beyond the linear part of the skb, leading to an out-of-bounds read in the `rsvp_classify` function. This issue may allow a local user to crash the system and cause a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42755 |
CVE-2023-43260 | Milesight UR5X, UR32L, UR32, UR35, UR41 before v35.3.0.7 was discovered to contain a cross-site scripting (XSS) vulnerability via the admin panel. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43260 |
CVE-2023-40920 | Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts(). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40920 |
CVE-2023-39323 | Line directives ("//line") can be used to bypass the restrictions on "//go:cgo_" directives, allowing blocked linker and compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when running "go build". The line directive requires the absolute path of the file in which the directive lives, which makes exploiting this issue significantly more complex. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39323 |
CVE-2023-43269 | pigcms up to 7.0 was discovered to contain an arbitrary file upload vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43269 |
CVE-2015-10125 | A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10125 |
CVE-2023-26153 | Versions of the package geokit-rails before 2.5.0 are vulnerable to Command Injection due to unsafe deserialisation of YAML within the 'geo_location' cookie. This issue can be exploited remotely via a malicious cookie value. **Note:** An attacker can use this vulnerability to execute commands on the host system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26153 |
CVE-2023-40556 | Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40556 |
CVE-2015-10126 | A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2015-10126 |
CVE-2023-45244 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 35895. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45244 |
CVE-2023-44758 | GDidees CMS 3.0 is affected by a Cross-Site Scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload to the Page Title. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44758 |
CVE-2023-45246 | Sensitive information disclosure and manipulation due to improper authentication. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36343. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45246 |
CVE-2023-36465 | Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. The `templates` module doesn't enforce the correct permissions, allowing any logged-in user to access to this functionality in the administration panel. An attacker could use this vulnerability to change, create or delete templates of surveys. This issue has been patched in version 0.26.8 and 0.27.4. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36465 |
CVE-2023-35897 | IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-35897 |
CVE-2023-42445 | Gradle is a build tool with a focus on build automation and support for multi-language development. In some cases, when Gradle parses XML files, resolving XML external entities is not disabled. Combined with an Out Of Band XXE attack (OOB-XXE), just parsing XML can lead to exfiltration of local text files to a remote server. Gradle parses XML files for several purposes. Most of the time, Gradle parses XML files it generated or were already present locally. Only Ivy XML descriptors and Maven POM files can be fetched from remote repositories and parsed by Gradle. In Gradle 7.6.3 and 8.4, resolving XML external entities has been disabled for all use cases to protect against this vulnerability. Gradle will now refuse to parse XML files that have XML external entities. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42445 |
CVE-2023-43810 | OpenTelemetry, also known as OTel for short, is a vendor-neutral open-source Observability framework for instrumenting, generating, collecting, and exporting telemetry data such as traces, metrics, logs. Autoinstrumentation out of the box adds the label `http_method` that has unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. HTTP method for requests can be easily set by an attacker to be random and long. In order to be affected program has to be instrumented for HTTP handlers and does not filter any unknown HTTP methods on the level of CDN, LB, previous middleware, etc. This issue has been patched in version 0.41b0. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43810 |
CVE-2023-41659 | Cross-Site Request Forgery (CSRF) vulnerability in Jules Colle, BDWM Responsive Gallery Grid plugin <= 2.3.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41659 |
CVE-2023-23370 | An insufficiently protected credentials vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to gain access to user accounts and access sensitive data used by the user account via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.1.0.0518 and later | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23370 |
CVE-2023-23371 | A cleartext transmission of sensitive information vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local authenticated administrators to read sensitive data via unspecified vectors. We have already fixed the vulnerability in the following version: QVPN Windows 2.2.0.0823 and later | – | https://nvd.nist.gov/vuln/detail/CVE-2023-23371 |
CVE-2023-32971 | A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2425 build 20230609 and later QTS 5.1.0.2444 build 20230629 and later QTS 4.5.4.2467 build 20230718 and later QuTS hero h5.0.1.2515 build 20230907 and later QuTS hero h5.1.0.2424 build 20230609 and later QuTS hero h4.5.4.2476 build 20230728 and later QuTScloud c5.1.0.2498 and later | – | https://nvd.nist.gov/vuln/detail/CVE-2023-32971 |
CVE-2023-44384 | Discourse-jira is a Discourse plugin that allows Jira projects, issue types, fields and field options to be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the `discourse_jira_verbose_log` site setting. A moderator user could manipulate the request path to the Jira API, allowing them to perform arbitrary GET requests using the Jira API credentials, potentially with elevated permissions, used by the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44384 |
CVE-2023-45239 | A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent to tac_plus to inject shell commands and gain remote code execution on the tac_plus server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45239 |
CVE-2023-5366 | A flaw was found in Open vSwitch that allows ICMPv6 Neighbor Advertisement packets between virtual machines to bypass OpenFlow rules. This issue may allow a local attacker to create specially crafted packets with a modified or spoofed target IP address field that can redirect ICMPv6 traffic to arbitrary IP addresses. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5366 |
CVE-2023-21244 | In visitUris of Notification.java, there is a possible bypass of user profile boundaries due to a missing permission check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21244 |
CVE-2023-21252 | In validatePassword of WifiConfigurationUtil.java, there is a possible way to get the device into a boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21252 |
CVE-2023-21253 | In multiple locations, there is a possible way to crash multiple system services due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21253 |
CVE-2023-21266 | In killBackgroundProcesses of ActivityManagerService.java, there is a possible way to escape Google Play protection due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21266 |
CVE-2023-21291 | In visitUris of Notification.java, there is a possible way to reveal image contents from another user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-21291 |
CVE-2023-45282 | In NASA Open MCT (aka openmct) 2.2.5 before 545a177, prototype pollution can occur via an import action. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45282 |
CVE-2023-45303 | ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent to the /api/admin/settings endpoint). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45303 |
CVE-2023-45311 | fsevents before 1.2.11 depends on the https://fsevents-binaries.s3-us-west-2.amazonaws.com URL, which might allow an adversary to execute arbitrary code if any JavaScript project (that depends on fsevents) distributes code that was obtained from that URL at a time when it was controlled by an adversary. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45311 |
CVE-2023-44860 | An issue in NETIS SYSTEMS N3Mv2 v.1.0.1.865 allows a remote attacker to cause a denial of service via the authorization component in the HTTP request. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44860 |
CVE-2023-5182 | Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5182 |
CVE-2023-43615 | Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43615 |
CVE-2023-45199 | Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45199 |
CVE-2023-40631 | In Dialer, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40631 |
CVE-2023-40632 | In jpg driver, there is a possible use after free due to a logic error. This could lead to remote information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40632 |
CVE-2023-40633 | In phasecheckserver, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40633 |
CVE-2023-40634 | In phasechecksercer, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40634 |
CVE-2023-40635 | In linkturbo, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40635 |
CVE-2023-40636 | In telecom service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40636 |
CVE-2023-40637 | In telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40637 |
CVE-2023-40638 | In Telecom service, there is a possible missing permission check. This could lead to local denial of service with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40638 |
CVE-2023-40639 | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40639 |
CVE-2023-40640 | In SoundRecorder service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40640 |
CVE-2023-40641 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40641 |
CVE-2023-40642 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40642 |
CVE-2023-40643 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40643 |
CVE-2023-40644 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40644 |
CVE-2023-40645 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40645 |
CVE-2023-40646 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40646 |
CVE-2023-40647 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40647 |
CVE-2023-40648 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40648 |
CVE-2023-40649 | In Messaging, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40649 |
CVE-2023-40650 | In Telecom service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40650 |
CVE-2023-40651 | In urild service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40651 |
CVE-2023-40652 | In jpg driver, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40652 |
CVE-2023-40653 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40653 |
CVE-2023-40654 | In FW-PackageManager, there is a possible missing permission check. This could lead to local escalation of privilege with System execution privileges needed | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40654 |
CVE-2023-45349 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.34.7, 4000 Assistant V10 R1.42.0, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.34.7, 4000 Manager V10 R1.42.0, and 4000 Manager V10 R0 expose sensitive information that may allow lateral movement to the backup system via AShbr. This is also known as OSFOURK-23722. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45349 |
CVE-2023-45350 | Atos Unify OpenScape 4000 Manager V10 R1 before V10 R1.42.1 and 4000 Manager V10 R0 allow Privilege escalation that may lead to the ability of an authenticated attacker to run arbitrary code via AScm. This is also known as OSFOURK-24034. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45350 |
CVE-2023-45351 | Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.1, 4000 Assistant V10 R0, 4000 Manager V10 R1 before V10 R1.42.1, and 4000 Manager V10 R0 allow Authenticated Command Injection via AShbr. This is also known as OSFOURK-24039. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45351 |
CVE-2023-45352 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system via a Common Management Portal web interface Path traversal vulnerability allowing write access outside the intended folders. This is also known as OCMP-6592. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45352 |
CVE-2023-45353 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated attacker to execute arbitrary code on the operating system by leveraging the Common Management Portal web interface for Authenticated remote upload and creation of arbitrary files affecting the underlying operating system. This is also known as OCMP-6591. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45353 |
CVE-2023-45354 | Atos Unify OpenScape Common Management Portal V10 before V10 R4.17.0 and V10 R5.1.0 allows an authenticated remote attacker to execute arbitrary code on the operating system by using the Common Management Portal web interface. This is also known as OCMP-6589. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45354 |
CVE-2023-45355 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 and 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access via the webservice. This is also known as OSFOURK-24120. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45355 |
CVE-2023-45356 | Atos Unify OpenScape 4000 Platform V10 R1 before Hotfix V10 R1.42.2 4000 and Manager Platform V10 R1 before Hotfix V10 R1.42.2 allow command injection by an authenticated attacker into the platform operating system, leading to administrative access, via dtb pages of the platform portal. This is also known as OSFOURK-23719. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45356 |
CVE-2023-45363 | An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45363 |
CVE-2023-45364 | An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45364 |
CVE-2023-45367 | An issue was discovered in the CheckUser extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. A user can use a rest.php/checkuser/v0/useragent-clienthints/revision/ URL to store an arbitrary number of rows in cu_useragent_clienthints, leading to a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45367 |
CVE-2023-45369 | An issue was discovered in the PageTriage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. Usernames of hidden users are exposed. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45369 |
CVE-2023-45370 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. SportsTeams: Special:SportsManagerLogo and Special:SportsTeamsManagerLogo do not check for the sportsteamsmanager user right, and thus an attacker may be able to affect pages that are concerned with sports teams. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45370 |
CVE-2023-45371 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. There is no rate limit for merging items. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45371 |
CVE-2023-45372 | An issue was discovered in the Wikibase extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. During item merging, ItemMergeInteractor does not have an edit filter running (e.g., AbuseFilter). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45372 |
CVE-2023-45373 | An issue was discovered in the ProofreadPage extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. XSS can occur via formatNumNoSeparators. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45373 |
CVE-2023-45374 | An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It does not check for the anti-CSRF edit token in Special:SportsTeamsManager and Special:UpdateFavoriteTeams. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45374 |
CVE-2023-39854 | The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39854 |
CVE-2023-3589 | A Cross-Site Request Forgery (CSRF) vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to send a specifically crafted query to the server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-3589 |
CVE-2023-44231 | Cross-Site Request Forgery (CSRF) vulnerability in NickDuncan Contact Form plugin <= 2.0.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44231 |
CVE-2023-44232 | Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44232 |
CVE-2023-44260 | Cross-Site Request Forgery (CSRF) vulnerability in Mikk Mihkel Nurges, Rebing OÜ Woocommerce ESTO plugin <= 2.23.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44260 |
CVE-2023-44236 | Cross-Site Request Forgery (CSRF) vulnerability in Devnath verma WP Captcha plugin <= 2.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44236 |
CVE-2023-44237 | Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44237 |
CVE-2023-44238 | Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44238 |
CVE-2023-44246 | Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44246 |
CVE-2023-44240 | Cross-Site Request Forgery (CSRF) vulnerability in Peter Butler Timthumb Vulnerability Scanner plugin <= 1.54 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44240 |
CVE-2023-44473 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Tran Table of Contents Plus plugin <= 2302 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44473 |
CVE-2023-44993 | Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44993 |
CVE-2023-45612 | In JetBrains Ktor before 2.3.5, the default configuration of ContentNegotiation with XML format was vulnerable to XXE. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45612 |
CVE-2023-45613 | In JetBrains Ktor before 2.3.5, server certificates were not verified. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45613 |
CVE-2023-5330 | Mattermost fails to enforce a limit for the size of the cache entry for OpenGraph data, allowing an attacker to send a specially crafted request to the /api/v4/opengraph endpoint, filling the cache and making the server unavailable. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5330 |
CVE-2023-5331 | Mattermost fails to properly check the creator of an attached file when adding the file to a draft post, potentially exposing unauthorized file information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5331 |
CVE-2023-5333 | Mattermost fails to deduplicate input IDs allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to /api/v4/users/ids with multiple identical IDs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5333 |
CVE-2023-43696 | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43696 |
CVE-2023-43699 | Improper Restriction of Excessive Authentication Attempts in RDT400 in SICK APU allows an unprivileged remote attacker to guess the password via trial-and-error as the login attempts are not limited. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43699 |
CVE-2023-43700 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that do not require authentication. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43700 |
CVE-2023-45247 | Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 36497. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45247 |
CVE-2023-45248 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Agent (Windows) before build 36497. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45248 |
CVE-2023-43697 | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43697 |
CVE-2023-43698 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in RDT400 in SICK APU allows an unprivileged remote attacker to run arbitrary code in the client's browser via injecting code into the website. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43698 |
CVE-2023-5100 | Cleartext Transmission of Sensitive Information in RDT400 in SICK APU allows an unprivileged remote attacker to retrieve potentially sensitive information via intercepting network traffic that is not encrypted. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5100 |
CVE-2023-5101 | Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged remote attacker to download various files from the server via HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5101 |
CVE-2023-5102 | Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5102 |
CVE-2023-5103 | Improper Restriction of Rendered UI Layers or Frames in RDT400 in SICK APU allows an unprivileged remote attacker to potentially reveal sensitive information via tricking a user into clicking on an actionable item using an iframe. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5103 |
CVE-2022-35950 | OroCommerce is an open-source Business to Business Commerce application. In versions 4.1.0 through 4.1.13, 4.2.0 through 4.2.10, 5.0.0 prior to 5.0.11, and 5.1.0 prior to 5.1.1, the JS payload added to the product name may be executed at the storefront when adding a note to the shopping list line item containing a vulnerable product. An attacker should be able to edit a product in the admin area and force a user to add this product to Shopping List and click add a note for it. Versions 5.0.11 and 5.1.1 contain a fix for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-35950 |
CVE-2023-25822 | ReportPortal is an AI-powered test automation platform. Prior to version 5.10.0 of the `com.epam.reportportal:service-api` module, corresponding to ReportPortal version 23.2, the ReportPortal database becomes unstable and reporting almost fully stops, except for small launches with approximately 1 test inside, when the test_item.path field exceeds the allowable `ltree` field type indexing limit (path length>=120, approximately recursive nesting of the nested steps). Running REINDEX INDEX on path_gist_idx and path_idx does not help. The problem was fixed in `com.epam.reportportal:service-api` module version 5.10.0 (product release 23.2), where the maximum number of nested elements was programmatically limited. A workaround is available. After deletion of the data with long paths, and reindexing both indexes (path_gist_idx and path_idx), the database becomes stable and ReportPortal works properly. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25822 |
CVE-2023-36820 | Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips `aud` claim validation if the token is issued by the same identity issuer/provider. This affects any OIDC setup using Micronaut where multiple OIDC applications exist for the same issuer but token auth is not meant to be shared. This issue has been patched in versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36820 |
CVE-2023-41660 | Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41660 |
CVE-2023-43643 | AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to version 1.7.4, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file and also allow for certain tags at the same time. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. This issue has been patched in AntiSamy 1.7.4 and later. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43643 |
CVE-2023-44378 | gnark is a zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.9.0, for some in-circuit values, it is possible to construct two valid decomposition to bits. In addition to the canonical decomposition of `a`, for small values there exists a second decomposition for `a+r` (where `r` is the modulus the values are being reduced by). The second decomposition was possible due to overflowing the field where the values are defined. Upgrading to version 0.9.0 should fix the issue without needing to change the calls to value comparison methods. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44378 |
CVE-2023-44393 | Piwigo is an open source photo gallery application. Prior to version 14.0.0beta4, a reflected cross-site scripting (XSS) vulnerability is in the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page. This vulnerability can be exploited by an attacker to inject malicious HTML and JS code into the HTML page, which could then be executed by admin users when they visit the URL with the payload. The vulnerability is caused by the insecure injection of the `plugin_id` value from the URL into the HTML page. An attacker can exploit this vulnerability by crafting a malicious URL that contains a specially crafted `plugin_id` value. When a victim who is logged in as an administrator visits this URL, the malicious code will be injected into the HTML page and executed. This vulnerability can be exploited by any attacker who has access to a malicious URL. However, only users who are logged in as administrators are affected. This is because the vulnerability is only present on the `/admin.php?page=plugins&tab=new&installstatus=ok&plugin_id=[here]` page, which is only accessible to administrators. Version 14.0.0.beta4 contains a patch for this issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44393 |
CVE-2023-30910 | HPE MSA Controller prior to version IN210R004 could be remotely exploited to allow inconsistent interpretation of HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30910 |
CVE-2023-41047 | OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract data managed by OctoPrint, or manipulate data managed by OctoPrint, as well as execute arbitrary commands with the rights of the OctoPrint process on the server system. OctoPrint versions from 1.9.3 onward have been patched. Administrators of OctoPrint instances are advised to make sure they can trust all other administrators on their instance and to also not blindly configure arbitrary GCODE scripts found online or provided to them by third parties. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41047 |
CVE-2023-44400 | Uptime Kuma is a self-hosted monitoring tool. Prior to version 1.23.3, attackers with access to a user's device can gain persistent account access. This is caused by missing verification of Session Tokens after password changes and/or elapsed inactivity periods. Version 1.23.3 has a patch for the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44400 |
CVE-2023-5365 | HP LIFE Android Mobile application is potentially vulnerable to escalation of privilege and/or information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5365 |
CVE-2023-42455 | Wazuh is a security detection, visibility, and compliance open source project. In versions 4.4.0 and 4.4.1, it is possible to get the Wazuh API administrator key used by the Dashboard using the browser development tools. This allows a logged user to the dashboard to become administrator of the API, even if their dashboard role is not. Version 4.4.2 contains a fix. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42455 |
CVE-2023-39189 | A flaw was found in the Netfilter subsystem in the Linux kernel. The nfnl_osf_add_callback function did not validate the user mode controlled opt_num field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39189 |
CVE-2023-39192 | A flaw was found in the Netfilter subsystem in the Linux kernel. The xt_u32 module did not validate the fields in the xt_u32 structure. This flaw allows a local privileged attacker to trigger an out-of-bounds read by setting the size fields with a value beyond the array boundaries, leading to a crash or information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39192 |
CVE-2023-39193 | A flaw was found in the Netfilter subsystem in the Linux kernel. The sctp_mt_check did not validate the flag_count field. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, leading to a crash or information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39193 |
CVE-2023-39194 | A flaw was found in the XFRM subsystem in the Linux kernel. The specific flaw exists within the processing of state filters, which can result in a read past the end of an allocated buffer. This flaw allows a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read, potentially leading to an information disclosure. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-39194 |
CVE-2023-41667 | Cross-Site Request Forgery (CSRF) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41667 |
CVE-2023-41668 | Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41668 |
CVE-2022-3431 | A potential vulnerability in a driver used during manufacturing process on some consumer Lenovo Notebook devices that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3431 |
CVE-2023-41669 | Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41669 |
CVE-2023-41670 | Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41670 |
CVE-2023-41672 | Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41672 |
CVE-2023-5459 | A vulnerability has been found in Delta Electronics DVP32ES2 PLC 1.48 and classified as critical. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. VDB-241582 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5459 |
CVE-2023-5460 | A vulnerability was found in Delta Electronics WPLSoft up to 2.51 and classified as problematic. This issue affects some unknown processing of the component Modbus Data Packet Handler. The manipulation leads to heap-based buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241583. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5460 |
CVE-2023-44392 | Garden provides automation for Kubernetes development and testing. Prior to versions 0.13.17 and 0.12.65, Garden has a dependency on the cryo library, which is vulnerable to code injection due to an insecure implementation of deserialization. Garden stores serialized objects using cryo in the Kubernetes `ConfigMap` resources prefixed with `test-result` and `run-result` to cache Garden test and run results. These `ConfigMaps` are stored either in the `garden-system` namespace or the configured user namespace. When a user invokes the command `garden test` or `garden run`, objects stored in the `ConfigMap` are retrieved and deserialized. This can be used by an attacker with access to the Kubernetes cluster to store malicious objects in the `ConfigMap`, which can trigger a remote code execution on the user's machine when cryo deserializes the object. In order to exploit this vulnerability, an attacker must have access to the Kubernetes cluster used to deploy garden remote environments. Further, a user must actively invoke either a `garden test` or `garden run` which has previously cached results. The issue has been patched in Garden versions `0.13.17` (Bonsai) and `0.12.65` (Acorn). Only Garden versions prior to these are vulnerable. No known workarounds are available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44392 |
CVE-2023-44467 | langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arbitrary code via the PALChain in the python exec method. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44467 |
CVE-2023-44811 | Cross Site Request Forgery (CSRF) vulnerability in MooSocial v.3.1.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the admin Password Change Function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44811 |
CVE-2023-5461 | A vulnerability was found in Delta Electronics WPLSoft 2.51. It has been classified as problematic. Affected is an unknown function of the component Modbus Handler. The manipulation leads to cleartext transmission of sensitive information. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241584. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5461 |
CVE-2022-36228 | Nokelock Smart padlock O1 Version 5.3.0 is vulnerable to Insecure Permissions. By sending a request, you can add any device and set the device password in the Nokelock app. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-36228 |
CVE-2022-3728 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-3728 |
CVE-2022-48182 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48182 |
CVE-2022-48183 | A vulnerability was reported in ThinkPad T14s Gen 3 and X13 Gen3 that could cause the BIOS tamper detection mechanism to not trigger under specific circumstances which could allow unauthorized access. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-48183 |
CVE-2023-43271 | Incorrect access control in 70mai a500s v1.2.119 allows attackers to directly access and delete the video files of the driving recorder through ftp and other protocols. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43271 |
CVE-2023-44812 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the admin_redirect_url parameter of the user login function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44812 |
CVE-2023-44813 | Cross Site Scripting (XSS) vulnerability in mooSocial v.3.1.8 allows a remote attacker to execute arbitrary code via a crafted payload to the mode parameter of the invite friend login function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44813 |
CVE-2023-43641 | libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43641 |
CVE-2023-43899 | hansun CMS v1.0 was discovered to contain a SQL injection vulnerability via the component /ajax/ajax_login.ashx. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43899 |
CVE-2023-5462 | A vulnerability was found in XINJE XD5E-30R-E 3.5.3b. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Modbus Handler. The manipulation leads to denial of service. The exploit has been disclosed to the public and may be used. The identifier VDB-241585 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5462 |
CVE-2023-5463 | A vulnerability was found in XINJE XDPPro up to 3.7.17a. It has been rated as critical. Affected by this issue is some unknown functionality in the library cfgmgr32.dll. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. VDB-241586 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5463 |
CVE-2023-44846 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44846 |
CVE-2023-44847 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44847 |
CVE-2023-44848 | An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44848 |
CVE-2023-5471 | A vulnerability, which was classified as critical, was found in codeprojects Farmacia 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument usario/senha leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241608. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5471 |
CVE-2023-40310 | SAP PowerDesigner Client - version 16.7, does not sufficiently validate BPMN2 XML document imported from an untrusted source. As a result, URLs of external entities in BPMN2 file, although not used, would be accessed during import. A successful attack could impact availability of SAP PowerDesigner Client. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40310 |
CVE-2023-41365 | SAP Business One (B1i) - version 10.0, allows an authorized attacker to retrieve the detailed stack trace of the fault message to conduct the XXE injection, which will lead to information disclosure. After successful exploitation, an attacker can cause limited impact on the confidentiality and no impact to the integrity and availability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41365 |
CVE-2023-42473 | S/4HANA Manage (Withholding Tax Items) - version 106, does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges which has low impact on the confidentiality and integrity of the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42473 |
CVE-2023-42474 | SAP BusinessObjects Web Intelligence - version 420, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42474 |
CVE-2023-42475 | The Statutory Reporting application has a vulnerable file storage location, potentially enabling a low-privileged attacker to read server files with minimal impact on confidentiality. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42475 |
CVE-2023-42477 | SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42477 |
CVE-2020-18336 | Cross Site Scripting (XSS) vulnerability found in Typora v.0.9.65 allows a remote attacker to obtain sensitive information via the PDF file exporting function. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-18336 |
CVE-2023-42189 | Insecure Permissions vulnerability in Connectivity Standards Alliance Matter Official SDK v.1.1.0.0, Nanoleaf Light strip v.3.5.10, Govee LED Strip v.3.00.42, switchBot Hub2 v.1.0-0.8, Philips hue hub v.1.59.1959097030, and yeelight smart lamp v.1.12.69 allows a remote attacker to cause a denial of service via a crafted script to the KeySetRemove function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42189 |
CVE-2023-44826 | Cross Site Scripting vulnerability in ZenTaoPMS v.18.6 allows a local attacker to obtain sensitive information via a crafted script. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44826 |
CVE-2023-44827 | An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44827 |
CVE-2023-44959 | An issue found in D-Link DSL-3782 v.1.03 and before allows remote authenticated users to execute arbitrary code as root via the Router IP Address fields of the network settings page. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44959 |
CVE-2023-45208 | A command injection in the parsing_xml_stasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers (within range of the repeater) to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names containing single quotes (in the range of the repeater) can result in a denial of service. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45208 |
CVE-2023-41684 | Cross-Site Request Forgery (CSRF) vulnerability in Felix Welberg SIS Handball plugin <= 1.0.45 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41684 |
CVE-2023-41694 | Cross-Site Request Forgery (CSRF) vulnerability in Realbig Team Realbig For WordPress plugin <= 1.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41694 |
CVE-2023-41697 | Cross-Site Request Forgery (CSRF) vulnerability in Nikunj Soni Easy WP Cleaner plugin <= 1.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41697 |
CVE-2023-41730 | Cross-Site Request Forgery (CSRF) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41730 |
CVE-2023-41850 | Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41850 |
CVE-2023-41851 | Cross-Site Request Forgery (CSRF) vulnerability in Dotsquares WP Custom Post Template <= 1.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41851 |
CVE-2023-41852 | Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailMunch – Grow your Email List plugin <= 3.1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41852 |
CVE-2023-41853 | Cross-Site Request Forgery (CSRF) vulnerability in WP iCal Availability plugin <= 1.0.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41853 |
CVE-2023-41854 | Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41854 |
CVE-2023-41858 | Cross-Site Request Forgery (CSRF) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41858 |
CVE-2023-41876 | Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41876 |
CVE-2023-44257 | Cross-Site Request Forgery (CSRF) vulnerability in Hometory Mang Board WP plugin <= 1.7.6 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44257 |
CVE-2023-44259 | Cross-Site Request Forgery (CSRF) vulnerability in Mediavine Mediavine Control Panel plugin <= 2.10.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44259 |
CVE-2023-44261 | Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44261 |
CVE-2023-5498 | Cross-Site Request Forgery (CSRF) in GitHub repository chiefonboarding/chiefonboarding prior to v2.0.47. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5498 |
CVE-2023-44763 | Concrete CMS v9.2.1 is affected by Arbitrary File Upload vulnerability via the Thumbnail file upload, which allows Cross-Site Scripting (XSS). | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44763 |
CVE-2023-43785 | A vulnerability was found in libX11 due to a boundary condition within the _XkbReadKeySyms() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43785 |
CVE-2023-43786 | A vulnerability was found in libX11 due to an infinite loop within the PutSubImage() function. This flaw allows a local user to consume all available system resources and cause a denial of service condition. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43786 |
CVE-2023-43787 | A vulnerability was found in libX11 due to an integer overflow within the XCreateImage() function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43787 |
CVE-2023-43788 | A vulnerability was found in libXpm due to a boundary condition within the XpmCreateXpmImageFromBuffer() function. This flaw allows a local user to trigger an out-of-bounds read error and read the contents of memory on the system. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43788 |
CVE-2023-30801 | All versions of the qBittorrent client through 4.5.5 use default credentials when the web user interface is enabled. The administrator is not forced to change the default credentials. As of 4.5.5, this issue has not been fixed. A remote attacker can use the default credentials to authenticate and execute arbitrary operating system commands using the "external program" feature in the web user interface. This was reportedly exploited in the wild in March 2023. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30801 |
CVE-2023-44241 | Cross-Site Request Forgery (CSRF) vulnerability in Keap Keap Landing Pages plugin <= 1.4.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44241 |
CVE-2023-44470 | Cross-Site Request Forgery (CSRF) vulnerability in Kvvaradha Kv TinyMCE Editor Add Fonts plugin <= 1.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44470 |
CVE-2023-44487 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44487 |
CVE-2023-4966 | Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4966 |
CVE-2023-5488 | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241640. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5488 |
CVE-2023-5499 | Information exposure vulnerability in Shenzhen Reachfar v28, the exploitation of which could allow a remote attacker to retrieve all the week's logs stored in the 'log2' directory. An attacker could retrieve sensitive information such as remembered wifi networks, sent messages, SOS device locations and device configurations. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5499 |
CVE-2023-30802 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30802 |
CVE-2023-30803 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can bypass authentication and access administrative functionality by sending HTTP requests using a crafted Y-forwarded-for header. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30803 |
CVE-2023-30804 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authenticated file disclosure vulnerability. A remote and authenticated attacker can read arbitrary system files using the svpn_html/loadfile.php endpoint. This issue is exploitable by a remote and unauthenticated attacker when paired with CVE-2023-30803. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30804 |
CVE-2023-30805 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /LogInOut.php endpoint. This is due to mishandling of shell meta-characters in the "un" parameter. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30805 |
CVE-2023-30806 | The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an operating system command injection vulnerability. A remote and unauthenticated attacker can execute arbitrary commands by sending a crafted HTTP POST request to the /cgi-bin/login.cgi endpoint. This is due to mishandling of shell meta-characters in the PHPSESSID cookie. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-30806 |
CVE-2023-44471 | Cross-Site Request Forgery (CSRF) vulnerability in Bernhard Kau Backend Localization plugin <= 2.1.10 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44471 |
CVE-2023-44475 | Cross-Site Request Forgery (CSRF) vulnerability in Michael Simpson Add Shortcodes Actions And Filters plugin <= 2.0.9 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44475 |
CVE-2023-44476 | Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44476 |
CVE-2023-44994 | Cross-Site Request Forgery (CSRF) vulnerability in Bainternet ShortCodes UI plugin <= 1.9.8 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44994 |
CVE-2023-5489 | A vulnerability classified as critical has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This affects an unknown part of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241641 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5489 |
CVE-2023-5490 | A vulnerability classified as critical was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This vulnerability affects unknown code of the file /useratte/userattestation.php. The manipulation of the argument web_img leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-241642 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5490 |
CVE-2023-5491 | A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. This issue affects some unknown processing of the file /sysmanage/updatelib.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-241643. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5491 |
CVE-2023-43896 | A buffer overflow in Macrium Reflect 8.1.7544 and below allows attackers to escalate privileges or execute arbitrary code. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-43896 |
CVE-2023-44995 | Cross-Site Request Forgery (CSRF) vulnerability in WP Doctor WooCommerce Login Redirect plugin <= 2.2.4 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44995 |
CVE-2023-44996 | Cross-Site Request Forgery (CSRF) vulnerability in Naresh Parmar Post View Count plugin <= 1.8.2 versions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44996 |
CVE-2023-5492 | A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928. Affected is an unknown function of the file /sysmanage/licence.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-241644. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5492 |
CVE-2023-5493 | A vulnerability has been found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/web.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-241645 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5493 |
CVE-2023-5494 | A vulnerability was found in Beijing Baichuo Smart S45F Multi-Service Secure Gateway Intelligent Management Platform up to 20230928 and classified as critical. Affected by this issue is some unknown functionality of the file /log/download.php. The manipulation of the argument file leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-241646 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5494 |
CVE-2020-27213 | An issue was discovered in Ethernut Nut/OS 5.1. The code that generates Initial Sequence Numbers (ISNs) for TCP connections derives the ISN from an insufficiently random source. As a result, an attacker may be able to determine the ISN of current and future TCP connections and either hijack existing ones or spoof future ones. While the ISN generator seems to adhere to RFC 793 (where a global 32-bit counter is incremented roughly every 4 microseconds), proper ISN generation should aim to follow at least the specifications outlined in RFC 6528. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27213 |
CVE-2020-27630 | In Silicon Labs uC/TCP-IP 3.6.0, TCP ISNs are improperly random. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27630 |
CVE-2020-27631 | In Oryx CycloneTCP 1.9.6, TCP ISNs are improperly random. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27631 |
CVE-2020-27633 | In FNET 4.6.3, TCP ISNs are improperly random. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27633 |
CVE-2020-27634 | In Contiki 4.5, TCP ISNs are improperly random. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27634 |
CVE-2020-27635 | In PicoTCP 1.7.0, TCP ISNs are improperly random. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27635 |
CVE-2020-27636 | In Microchip MPLAB Net 3.6.1, TCP ISNs are improperly random. | – | https://nvd.nist.gov/vuln/detail/CVE-2020-27636 |
CVE-2022-22298 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2, FortiIsolator version 2.2.0, FortiIsolator version 2.3.0 through 2.3.4 allows an attacker to execute arbitrary OS commands in the underlying shell via specially crafted input parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2022-22298 |
CVE-2023-25604 | An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25604 |
CVE-2023-25607 | An improper neutralization of special elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions, FortiAnalyzer 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions and FortiADC 7.1.0, 7.0.0 through 7.0.3, 6.2 all versions, 6.1 all versions, 6.0 all versions management interface may allow an authenticated attacker with at least READ permissions on system settings to execute arbitrary commands on the underlying shell due to an unsafe usage of the wordexp function. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-25607 |
CVE-2023-33301 | An improper access control vulnerability in Fortinet FortiOS 7.2.0 - 7.2.4 and 7.4.0 allows an attacker to access a restricted resource from a non trusted host. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-33301 |
CVE-2023-34985 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34985 |
CVE-2023-34986 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34986 |
CVE-2023-34987 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34987 |
CVE-2023-34988 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34988 |
CVE-2023-34989 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34989 |
CVE-2023-34992 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.0.0 and 6.7.0 through 6.7.5 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.1 and 6.4.0 through 6.4.2 allows an attacker to execute unauthorized code or commands via crafted API requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34992 |
CVE-2023-34993 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-34993 |
CVE-2023-36478 | Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, an integer overflow in `MetaDataBuilder.checkSize` allows for HTTP/2 HPACK header values to exceed their size limit. `MetaDataBuilder.java` determines if a header name or value exceeds the size limit, and throws an exception if the limit is exceeded. However, when length is very large and huffman is true, the multiplication by 4 in line 295 will overflow, and length will become negative. `(_size+length)` will now be negative, and the check on line 296 will not be triggered. Furthermore, `MetaDataBuilder.checkSize` allows for user-entered HPACK header value sizes to be negative, potentially leading to a very large buffer allocation later on when the user-entered size is multiplied by 2. This means that if a user provides a negative length value (or, more precisely, a length value which, when multiplied by the 4/3 fudge factor, is negative), and this length value is a very large positive number when multiplied by 2, then the user can cause a very large buffer to be allocated on the server. Users of HTTP/2 can be impacted by a remote denial of service attack. The issue has been fixed in versions 11.0.16, 10.0.16, and 9.4.53. There are no known workarounds. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36478 |
CVE-2023-36547 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36547 |
CVE-2023-36548 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36548 |
CVE-2023-36549 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36549 |
CVE-2023-36550 | An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows an attacker to execute unauthorized code or commands via specifically crafted http get request parameters. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36550 |
CVE-2023-36555 | An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiOS 7.2.0 - 7.2.4 allows an attacker to execute unauthorized code or commands via the SAML and Security Fabric components. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36555 |
CVE-2023-36556 | An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36556 |
CVE-2023-36637 | An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiMail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated attacker to inject HTML tags in FortiMail's calendar via input fields. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36637 |
CVE-2023-37935 | A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37935 |
CVE-2023-37939 | An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Windows 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions, Linux 7.2.0, 7.0 all versions, 6.4 all versions, 6.2 all versions and Mac 7.2.0 through 7.2.1, 7.0 all versions, 6.4 all versions, 6.2 all versions, may allow a local authenticated attacker with no Administrative privileges to retrieve the list of files or folders excluded from malware scanning. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-37939 |
CVE-2023-40718 | An interpretation conflict in Fortinet IPS Engine versions 7.321, 7.166 and 6.158 allows an attacker to evade IPS features via crafted TCP packets. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-40718 |
CVE-2023-41675 | A use after free vulnerability [CWE-416] in FortiOS version 7.2.0 through 7.2.4 and version 7.0.0 through 7.0.10 and FortiProxy version 7.2.0 through 7.2.2 and version 7.0.0 through 7.0.8 may allow an unauthenticated remote attacker to crash the WAD process via multiple crafted packets reaching proxy policies or firewall policies with proxy mode alongside SSL deep packet inspection. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41675 |
CVE-2023-41679 | An improper access control vulnerability [CWE-284] in FortiManager management interface 7.2.0 through 7.2.2, 7.0.0 through 7.0.7, 6.4.0 through 6.4.11, 6.2 all versions, 6.0 all versions may allow a remote and authenticated attacker with at least "device management" permission on his profile and belonging to a specific ADOM to add and delete CLI script on other ADOMs | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41679 |
CVE-2023-41838 | An improper neutralization of special elements used in an os command ('os command injection') in FortiManager 7.4.0 and 7.2.0 through 7.2.3 may allow attacker to execute unauthorized code or commands via FortiManager cli. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41838 |
CVE-2023-41841 | An improper authorization vulnerability in Fortinet FortiOS 7.0.0 - 7.0.11 and 7.2.0 - 7.2.4 allows an attacker belonging to the prof-admin profile to perform elevated actions. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-41841 |
CVE-2023-42782 | An insufficient verification of data authenticity vulnerability [CWE-345] in FortiAnalyzer version 7.4.0 and below 7.2.3 allows a remote unauthenticated attacker to send messages to the syslog server of FortiAnalyzer via the knowledge of an authorized device serial number. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42782 |
CVE-2023-42787 | A client-side enforcement of server-side security [CWE-602] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client side code execution. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42787 |
CVE-2023-42788 | An improper neutralization of special elements used in an os command ('OS Command Injection') vulnerability [CWE-78] in FortiManager & FortiAnalyzer version 7.4.0, version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.8, version 6.4.0 through 6.4.12 and version 6.2.0 through 6.2.11 may allow a local attacker with low privileges to execute unauthorized code via specifically crafted arguments to a CLI command | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42788 |
CVE-2023-44249 | An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote attacker with low privileges to read sensitive information via crafted HTTP requests. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44249 |
CVE-2023-44399 | ZITADEL provides identity infrastructure. In versions 2.37.2 and prior, ZITADEL administrators can enable a setting called "Ignoring unknown usernames" which helps mitigate attacks that try to guess/enumerate usernames. While this setting worked properly during the authentication process, it did not work correctly in the password reset flow. This meant that even if this feature was active, an attacker could use the password reset function to verify whether an account exists within ZITADEL. This bug has been patched in versions 2.37.3 and 2.38.0. No known workarounds are available. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-44399 |
CVE-2023-5495 | A vulnerability was found in QDocs Smart School 6.4.1. It has been classified as critical. This affects an unknown part of the file /course/filterRecords/ of the component HTTP POST Request Handler. The manipulation of the argument searchdata[0][title]/searchdata[0][searchfield]/searchdata[0][searchvalue] leads to sql injection. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-241647. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5495 |
CVE-2023-5496 | A vulnerability was found in Translator PoqDev Add-On 1.0.11 on Firefox. It has been rated as problematic. This issue affects some unknown processing of the component Select Text Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-241649 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5496 |
CVE-2023-42794 | Incomplete Cleanup vulnerability in Apache Tomcat. The internal fork of Commons FileUpload packaged with Apache Tomcat 9.0.70 through 9.0.80 and 8.5.85 through 8.5.93 included an unreleased, in progress refactoring that exposed a potential denial of service on Windows if a web application opened a stream for an uploaded file but failed to close the stream. The file would never be deleted from disk creating the possibility of an eventual denial of service due to the disk being full. Users are recommended to upgrade to version 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42794 |
CVE-2023-42795 | Incomplete Cleanup vulnerability in Apache Tomcat. When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fixes the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-42795 |
CVE-2023-45129 | Synapse is an open-source Matrix homeserver written and maintained by the Matrix.org Foundation. Prior to version 1.94.0, a malicious server ACL event can impact performance temporarily or permanently leading to a persistent denial of service. Homeservers running on a closed federation (which presumably do not need to use server ACLs) are not affected. Server administrators are advised to upgrade to Synapse 1.94.0 or later. As a workaround, rooms with malicious server ACL events can be purged and blocked using the admin API. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45129 |
CVE-2023-4309 | Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same backend database. ESC deactivated older and unused elections and enabled web application firewall (WAF) protection for current and future elections on or around 2023-08-12. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-4309 |
CVE-2023-5497 | A vulnerability classified as critical has been found in Tongda OA 2017 11.10. Affected is an unknown function of the file general/hr/salary/welfare_manage/delete.php. The manipulation of the argument WELFARE_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-241650 is the identifier assigned to this vulnerability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-5497 |
CVE-2023-31096 | An issue was discovered in Broadcom LSI PCI-SV92EX Soft Modem Kernel Driver through 2.2.100.1 (aka AGRSM64.sys). There is Local Privilege Escalation to SYSTEM via a Stack Overflow in RTLCopyMemory (IOCTL 0x1b2150). An attacker can exploit this to elevate privileges from a medium-integrity process to SYSTEM. This can also be used to bypass kernel-level protections such as AV or PPL, because exploit code runs with high-integrity privileges and can be used in coordinated BYOVD (bring your own vulnerable driver) ransomware campaigns. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-31096 |
CVE-2023-45648 | Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.81 and from 8.5.0 through 8.5.93 did not correctly parse HTTP trailer headers. A specially crafted, invalid trailer header could cause Tomcat to treat a single request as multiple requests leading to the possibility of request smuggling when behind a reverse proxy. Users are recommended to upgrade to version 11.0.0-M12 onwards, 10.1.14 onwards, 9.0.81 onwards or 8.5.94 onwards, which fix the issue. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45648 |
CVE-2023-45312 | In the mtproto_proxy (aka MTProto proxy) component through 0.7.2 for Erlang, a low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-45312 |
CVE-2023-36126 | There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of preview.php in PHPJabbers Appointment Scheduler v3.0 | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36126 |
CVE-2023-36127 | User enumeration is found in PHPJabbers Appointment Scheduler 3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-36127 |
CVE-2023-26220 | The Spotfire Library component of TIBCO Software Inc.'s Spotfire Analyst and Spotfire Server contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s Spotfire Analyst: versions 11.4.7 and below, versions 11.5.0, 11.6.0, 11.7.0, 11.8.0, 12.0.0, 12.0.1, 12.0.2, 12.0.3, and 12.0.4, versions 12.1.0 and 12.1.1 and Spotfire Server: versions 11.4.11 and below, versions 11.5.0, 11.6.0, 11.6.1, 11.6.2, 11.6.3, 11.7.0, 11.8.0, 11.8.1, 12.0.0, 12.0.1, 12.0.2, 12.0.3, 12.0.4, and 12.0.5, versions 12.1.0 and 12.1.1. | – | https://nvd.nist.gov/vuln/detail/CVE-2023-26220 |